8064 matches found
Human Resources Management System 1.0 SQL Injection Vulnerability
Exploit Title: Human Resources Management System - HRM - Multiple SQLi | Exploit Author: Abdulhakim Öner | Vendor Homepage: https://www.sourcecodester.com | Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html | Software...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1550)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2023-1525)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header...
Updated apache packages fix security vulnerability
Some mod_proxy configurations on Apache HTTP Server allow a HTTP request smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target URL data an...
CVE-2023-25804
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the /tmp folder using a payload ../../../../../tmp/test111dev. This issue...
CVE-2023-25804
CVE-2023-25804 affects Roxy-WI web interface for managing Haproxy, Nginx, Apache, and Keepalived. The vulnerability is a limited path traversal in the name parameter that allows an SSH key to be saved to an unintended location (for example, /tmp) using a payload such as ../../../../../tmp/test111...
CVE-2023-25804 Roxy-WI vulnerable to Limited Path Traversal in name parameter
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the /tmp folder using a payload ../../../../../tmp/test111dev. This issue...
CVE-2023-25695
CVE-2023-25695 affects Apache Airflow prior to 2.5.2 and is an information-disclosure vulnerability caused by error messages that can contain sensitive data. The related advisories note that tracebacks may reveal details (e.g., Python/Airflow version, node name) to users, potentially aiding targe...
Spoofing
Azure Apache Ambari Spoofing Vulnerability...
CVE-2023-23408
CVE-2023-23408 corresponds to a spoofing vulnerability in Microsoft Azure HDInsight/Ambari components (Azure Apache Ambari). Public records describe exploitation via the Ambari web interface, enabling an attacker to impersonate a user and potentially perform unauthorized actions. The issue is tra...
CVE-2023-23408 Azure Apache Ambari Spoofing Vulnerability
...
K000132965: Apache vulnerability CVE-2023-27522
Security Advisory Description: HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. CVE-2023-27522...
CVE-2023-25803
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...
CVE-2023-25802
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue...
Design/Logic Flaw
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue...
Directory traversal
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0...
CVE-2023-25802
CVE-2023-25802 affects Roxy-WI, a web interface for managing HAProxy, Nginx, Apache, and Keepalived. The issue is a path traversal vulnerability in versions prior to 6.3.6.0, where the application does not correctly neutralize dir/../filename sequences (for example /etc/nginx/../passwd), enabling...
CVE-2023-25802 Roxy-WI has Path Traversal vulnerability
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue...