Fingerprint Attendance 1.0 SQL Injection Vulnerability

Title: Fingerprint Attendance 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache Steps 1...

httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling

A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling...

The vulnerability of the Apache HTTP Server’s web server, related to HTTP request processing flaws, allows attackers to execute the “HTTP request hijacking” attack.

The vulnerability of the Apache HTTP Server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...

HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

...

AZL-9018 CVE-2022-23943 affecting package httpd for versions less than 2.4.53-1

Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions...

ALPINE-CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

DEBIAN-CVE-2022-23943

Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions...

AZL-9016 CVE-2022-22720 affecting package httpd for versions less than 2.4.53-1

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling...

CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

UBUNTU-CVE-2022-22719

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...

PT-2022-1920

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.52 and earlier Description The issue is related to the improper handling of HTTP requests, which can allow a remote attacker to perform an HTTP Request Smuggling attack. This occurs when the server fails to clos...

VulnCheck KEV: CVE-2017-15715

In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...

VulnCheck KEV: CVE-2020-11984

Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE...

VulnCheck KEV: CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted...

VulnCheck KEV: CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

Exposure of Sensitive Information to an Unauthorized Actor in fgribreau/node-request-retry

Exposure of Sensitive Information to an Unauthorized Actor in FGRibreau/node-request-retry Reported on Feb 10 2022 | Timothee Desurmont Vulnerability type: CWE-200 Bug Cookies are leaked to external sites. Description js request$mysite/redirect.php?url=$attacker/, options When fetching a Redirect...

httpd: mod_lua: Possible buffer overflow when parsing multipart content

A buffer overflow flaw in httpd's lua module could allow an out-of-bounds write. An attacker who is able to submit a crafted request to an httpd instance that is using the lua module may be able to cause an impact to confidentiality, integrity, and/or availability...

USN-5212-1 apache2 vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. CVE-2021-44224 It was discovered that...

The vulnerability of the Apache HTTP server, related to the manipulation of requests on the server side, allows attackers to perform SSRF attacks.

The vulnerability of the Apache HTTP server is related to the manipulation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack by sending specially crafted HTTP requests...

ALPINE-CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...