873 matches found
Wonder CMS 2.3.1 - Host Header Injection
Wonder CMS 2.3.1 - Host Header Injection Exploit Title: Wonder CMS 2.3.1 Host Header Injection Date: 30-01-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.wondercms.com/ Version: 2.3.1 CVE :...
Wonder CMS 2.3.1 - 'Host' Header Injection
Exploit Title: Wonder CMS 2.3.1 Host Header Injection Date: 30-01-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.wondercms.com/ Version: 2.3.1 CVE : CVE-2017-14523 Category: Webapp CMS 1...
HTTP Host header attacks against web proxy disclaimer response webpage
The FortiOS web proxy disclaimer page is potentially vulnerable to an XSS attack, via maliciously crafted "Host" headers in user HTTP requests. The latter is possible if an attacker is in a Man-in-the-middle position i.e. able to modify the HTTP requests of the potential victim before they reach...
CVE-2017-7559
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...
Cross site scripting
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as We...
CVE-2017-1262
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as We...
CVE-2017-1262
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as We...
undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)
It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...
Cisco Email Security Appliance HTTP Response Splitting Vulnerability
Cisco Email Security Appliance ESA is a set of e-mail security appliances from the American company Cisco Cisco. The appliance provides spam protection, email encryption, data loss prevention and other features. An HTTP response splitting vulnerability exists in the Cisco Email Security Appliance...
Cross site scripting
A vulnerability in the Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this...
CVE-2017-12309
A vulnerability in the Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this...
CVE-2017-12309
A vulnerability in the Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this...
CVE-2017-12309
The CVE-2017-12309 issue affects Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA). The root cause is improper input sanitization that enablesHTTP response splitting by an unauthenticated remote attacker, allowing potential cross-site scripting, cross-user defac...
Cisco Email Security Appliance and Content Security Management Appliance HTTP Response Splitting Vulnerability
A vulnerability in the Cisco Email Security Appliance ESA and Content Security Management Appliance SMA software could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly...
Google Go Denial of Service Vulnerability (CNVD-2017-32897)
Google Go is a programming language optimized for programming applications on multiprocessor systems by Google. A security vulnerability exists in the net/http inventory of the net/http/transfer.go file in versions of Google Go prior to 1.4.3, which stems from the program's failure to properly...
Cross site scripting
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perfor...
CVE-2017-1503
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perfor...
CVE-2017-1503
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perfor...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors...
CVE-2014-6106
Cross-site request forgery CSRF vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors...