873 matches found
Cross site scripting
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information...
Cross site scripting
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split...
CVE-2019-4461
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information...
CVE-2019-4396
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split...
CPDoS Poisoning Attack
On October 22, 2019, a new method of web cache poisoning, called CPDoS or Cache Poisoned Denial of Service, was announced by researchers, Hoai Viet Nguyen and Luigi Lo Iacono. Targeting content delivery networks and other caching systems, the attack works by using a malicious header in the HTTP...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...
CVE-2017-2666
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...
CVE-2019-15259
A vulnerability in Cisco Unified Contact Center Express UCCX Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system...
CVE-2019-15259
A vulnerability in Cisco Unified Contact Center Express UCCX Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system...
Cross site scripting
A vulnerability in Cisco Unified Contact Center Express UCCX Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system...
CVE-2019-15259 Cisco Unified Contact Center Express HTTP Response Splitting Vulnerability
A vulnerability in Cisco Unified Contact Center Express UCCX Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system...
CVE-2019-15259 Cisco Unified Contact Center Express HTTP Response Splitting Vulnerability
A vulnerability in Cisco Unified Contact Center Express UCCX Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system...
Cisco Unified Contact Center Express HTTP Response Splitting Vulnerability
A vulnerability in Cisco Unified Contact Center Express UCCX Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system...
YzmCMS HTTP Host Header Injection Vulnerability
YzmCMS is a lightweight open source content management system based on PHP+Mysql architecture developed by Yuan Zhimeng alone. YzmCMS 5.3 HTTP host header injection vulnerability. Attackers can use this vulnerability to Web cache poisoning or trigger redirection...
CVE-2019-16532
An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections...
CVE-2019-16532
An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections...
CVE-2019-16532
CVE-2019-16532 describes an HTTP Host header injection vulnerability in YzmCMS 5.3. Multiple connected sources (Red Hat, CNVD, NVD, OSV, CVE listings) confirm that an attacker can abuse the Host header to poison caches or trigger redirections. The core issue is a Host header handling flaw in YzmC...
Microsoft Outlook Web Access 14.3.224.2 Header Injection
!/usr/bin/perl -w Microsoft Outlook Web Access build:14.3.224.2 Remote Header 'Host' Injection Copyright 2019 c Todor Donev I suspect "Web Cache Poison" but I'm not sure, so test ; Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual...
Lyst: Web Cache poisoning attack leads to User information Disclosure and more
Hello Your Web-Server is vulnerable to web cache poisoning attacks. This means, that the attacker are able to get another user Information. If you are logged in and visit this website For example: https://www.lyst.com/shop/trends/mens-dress-shoes/blahblah.css Then the server will store the...
PayPal: DoS on PayPal via web cache poisoning
On https://paypal.com/, you could impact core functionality by using an invalid Transfer-Encoding header to replace JavaScript files from www.paypalobjects.com with the message '501 Not Implemented'. This was patched and awarded a $9,700 bounty. By the time you read this, there should be a full...