CVE-2018-2432

CVE-2018-2432 affects SAP BusinessObjects BI Launchpad and Central Management Console (versions 4.10, 4.20, 4.30). The issue allows an attacker to include invalid data in the HTTP response header sent to a web user, enabling cross-site scripting and page hijacking as stated in the public descript...

Nikto 2.1.6 - CSV Injection

Nikto 2.1.6 - CSV Injection Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linu...

Nikto 2.1.6 CSV Injection

Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linux 4.14 x64 CVE :...

Nikto 2.1.6 - CSV Injection

Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linux 4.14 x64 CVE :...

CVE-2017-7797

Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox 55...

Microsoft Open Redirect

Exploit Title: Open Redirect at Microsoft Date: 28.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.microsoft.com/ Software : Microsoft Service Website Software Version : 1.0.0 Vulnerability : Open Redirect CWE : CWE-601: URL Redirection to Untrusted Site 'Open Redirect'...

CVE-2018-11652

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...

CVE-2018-11652

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...

CVE-2018-7496

An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure...

CVE-2018-7496

CVE-2018-7496 affects OSIsoft PI Vision 2017 and earlier. The vulnerability is a Information Exposure (CWE-200) where server response header and referrer-policy header disclose unintended information. ICSA-18-072-03 notes an affected product: PI Vision versions 2017 and prior, with CVSS v3 base s...

NetTransport 2.96L - Remote Buffer Overflow (DEP Bypass)

NetTransport 2.96L - Remote Buffer Overflow DEP Bypass !/usr/bin/pythion Exploit Title: Buffer overflow in NetTransport Download Manager - Version 2.96L DEP Bypass CVE: CVE-2017-17968 Date: 28-12-2017 Software Link: http://xi-soft.com/downloads/NXSetupx86.zip Exploit Author: Author: Aloyce J...

GetGo Download Manager 5.3.0.2712 - Buffer Overflow

GetGo Download Manager 5.3.0.2712 - Buffer Overflow Exploit Title: Buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 CVE: CVE-2017-17849 Date: 22-12-2017 Tested on Windows 10 32 bits Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Software Link:...

GetGo Download Manager 5.3.0.2712 Buffer Overflow

Exploit Title: Buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 CVE: CVE-2017-17849 Date: 22-12-2017 Tested on Windows 10 32 bits Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Software Link: http://www.getgosoft.com/getgodm/ Category: webapps Attack...

EAP7: Internal IP address disclosed on redirect when request header Host field is not set

It was found that when issuing a GET request which results in a 302 redirect, and when the request header 'Host' field was not set, the response header field 'Location' contains the internal IP address of the server. An attacker could use this disclose information which they are not authorized to...

Apache Optionsbleed Scanner

This module scans for the Apache optionsbleed vulnerability where the Allow response header returned from an OPTIONS request may bleed memory if the server has a .htaccess file with an invalid Limit method defined. This module requires Metasploit: https://metasploit.com/download Current source:...

WakaTime: Sensitive Cookie Without 'HttpOnly' Flag

hello wakatime security team i found security vulnerability:Sensitive Cookie Without 'HttpOnly' Flag when i was testing your website then i notice that there is some csrftoken cookie appare in responce but the cookie have not httponly flag.you must should set httponly flag for some following...

CVE-2017-7679

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modmime can read one byte past the end of a buffer when sending a malicious Content-Type response header...

Design/Logic Flaw

Web Server method disclosure in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote attackers to exploit and find another hole via HTTP response header...

CVE-2017-4015

Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header...

CVE-2017-4013

Banner Disclosure in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote attackers to obtain product information via HTTP response header...