CVE-2020-5255
In Symfony before versions 4.4.7 and 5.0.7, when a Response does not contain a Content-Type header, affected versions of Symfony can fall back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the...
GHSA-MCX4-F5F5-4859 Prevent cache poisoning via a Response Content-Type header in Symfony
Description: When a Response does not contain a Content-Type header, Symfony falls back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the response is cached, this can lead to a...
PT-2020-18349 · Symfony · Symfony
Name of the Vulnerable Software and Affected Versions: Symfony versions prior to 4.4.7; Symfony versions prior to 5.0.7. Description: When a Response does not contain a Content-Type header, affected versions of Symfony can fall back to the format defined in the Accept header of the request, leading ...
Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin) Exploit
Exploit for php platform in category web applications. Exploit Title: Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin); Description: Operator Can Change Role User Type to admin; Exploit Author: Meisam Monsef; Vendor Homepage: https://www.bdtask.com/business-live-chat-software.ph...
Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure
#!/usr/bin/perl Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure. Copyright 2020 (c) Todor Donev https://donev.eu/ Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...
CVE-2016-5346
An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information Android Bug ID...
Hospital Management System 4.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Exploit Title: Hospital Management System 4.0 - Persistent Cross-Site Scripting; Exploit Author: FULLSHADE; Vendor Homepage: https://phpgurukul.com/; Software Link: https://phpgurukul.com/hospital-management-system-in-php/; Version: v4.0; Tested on...
CVE-2019-10516
CVE-2019-10516 is described as multiple read overflows in MM during decoding of service accept/reject and MT detach, affecting a broad list of Qualcomm Snapdragon platforms (e.g., APQ8009, APQ8017, SDM4xx, SM8x, SXR1130, and other Snapdragon lines). Root cause: read overflow in MM when decoding s...
phpLDAPadmin Local File Inclusion Vulnerability
phpLDAPadmin is a web-based LDAP client which is mainly used to manage LDAP servers. A local file inclusion vulnerability exists in the way the 'Accept-Language' HTTP header value is handled in versions of phpLDAPadmin prior to 0.9.8, which can be exploited by a remote attacker to cause a denial ...
DEBIAN-CVE-2011-4082
A local file inclusion flaw was found in the way phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via a specially-crafted request...
nostromo nhttpd memory error vulnerability
nostromo nhttpd is an open source web server. A memory error vulnerability exists in the 'SSL_accept' function in nostromo nhttpd 1.9.6 and earlier versions. An attacker is able to trigger a denial of service via a crafted HTTP request...
CVE-2019-16279
A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request...
CVE-2007-5712
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large...
CVE-2015-9416
The sitepress-multilingual-cms WPML plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header...
Design/Logic Flaw
The sitepress-multilingual-cms WPML plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header...
CVE-2015-9416
CVE-2015-9416 affects the WordPress WPML plugin (sitepress-multilingual-cms) versions 2.9.3–3.2.6. Affected component: WPML; root cause: cross-site scripting via the Accept-Language HTTP header. Impact: allows execution of client-side code in victims’ browsers (XSS). Notable sources corroborate X...
IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read Exploit
#!/usr/bin/perl -w IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 'dumpConfigFile' Pre-Auth Remote Arbitrary File Read. Todor Donev 2019 (c) Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact...