CVE-2020-5247

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

PT-2020-6876 · Abb · Esoms

Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 4.0 to 6.0.2 Description: The issue is related to the absence of the X-Frame-Options header in the HTTP response, which can potentially allow 'ClickJacking' attacks. This type of attack occurs when an attacker frames parts ...

Clario: CRLF Injection - http://stage-static-cdn.mackeeper.com/

Summary CRLF Injection - http://stage-static-cdn.mackeeper.com/ Steps To Reproduce In the rawRequest we have added '%0D%0Avirus:%20value' In Burp Repeater copy and paste the below rawRequest Notice the response with header added ------rawRequest---------- GET /%0D%0Avirus:%20value HTTP/1.1...

CORS-Vulnerable-Lab: with COSR configuration error related to the vulnerability code range-vulnerability warning-the black bar safety net

This repository contains the CORS configuration error related to the vulnerable code. You can be on the local machine to configure the vulnerable code, and to the actual use of the CORS related error configuration issue. In this case, I would first like to thank@albinowax, the AKReddy, And Vivek...

nginx 1.9.5 < 1.16.1 / 1.17.x < 1.17.3 Multiple Vulnerabilities

According to its Server response header, the installed version of nginx is 1.9.5 prior to 1.16.1 or 1.17.x prior to 1.17.3. It is, therefore, affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists in the HTTP/2 protocol stack due to improper handling o...

GSA Bounty: Information disclosure (system username, server info) in the x-amz-meta-s3cmd-attrs response header on data.gov

Hi Team, I noticed, that the x-amz-meta-s3cmd-attrs response header returns sensitive information, like system username on data.gov x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33184/mtime:1513269652/atime:1513269652/md5:2049644b6b833f5dbb826f60a4721f64/ctime:1513269652 Server:...

Information Leakage

Elasticsearch is vulnerable to information leakage. An attacker can gain access to the other user's sensitive information in the response header if multiple users submitting requests, causing a race condition in response headers...

Node.js third-party modules: [tianma-static] Security issue with XSS.

I would like to report XSS in tianma-static It allows XSS and HTML Injection First of all, It is my first report and I am sorry that I am not good at English T.T thank you. Module module name: tianma-static version: 1.0.4 npm page: https://www.npmjs.com/package/tianma-static Module Description...

Automattic: Denial of service to WP-JSON API by cache poisoning the CORS allow origin header

The WP-JSON implementation on some wordpress.com websites I've tested is vulnerable to denial of service where by an attacker can provide an arbitrary Origin header in the request, which is then echoed back in the response via the Access-Control-Allow-Origin header, which is cached and served to...

CVE-2019-3462: apt/apt-get remote code execution vulnerability alerts-a vulnerability alert-the black bar safety net

0x00 vulnerability background 2019 1 May 22, @Max Justicz in his blog is disclosed about the debian-based package Manager apt/apt-get remote code execution in some detail. When by APT for any software installation, update, etc., the default will be to go HTTP instead of HTTPS, an attacker can MiT...

CVE-2018-11347

The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to...

Design/Logic Flaw

The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to...

CVE-2018-11347

The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to...

CVE-2018-11347

The CVE-2018-11347 entry concerns the YunoHost web application (versions 2.7.2 through 2.7.14). Affected component/issue: HTTP Response Header Injection, enabling an attacker to inject one or more HTTP headers in server responses. Attack requirements: user interaction is needed (the attacker must...

CVE-2018-11347

The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to...

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Softwa...

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting

Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Software : ZOHO Corp ManageEngine ADManager Plus Product Versio...

Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection

Exploit Title: Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Date: 2018-07-20 Software Link: https://github.com/nystudio107/craft-seomatic Exploit Author: Sebastian Kriesten 0xB455 Contact: https://twitter.com/0xB455 CVE: CVE-2018-14716 Category: webapps 1. Description An...

Updated nikto packages fix security vulnerability

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report CVE-2018-11652...

CVE-2018-2432

SAP BusinessObjects Business Intelligence BI Launchpad and Central Management Console versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including:...