8064 matches found
XVIDEOS: Host Header Injection Attack - www.xnxx.com
Host Header Injection Attack - www.xnxx.com An attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. This header specifi...
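The snippet above describes why the Host header exists; the attack surface is any code that trusts it to build absolute URLs (password-reset links, redirects, cache keys). The following Python is an added example, not code from the original page or from the site named above: it shows the unsafe pattern beside an allowlist check. The `ALLOWED_HOSTS` set, the `reset_link_*` functions and the sample headers are assumptions constructed for illustration.

```python
"""Host header handling: the unsafe pattern beside an allowlist check.

Added example, not from the page or the site it lists. The allowlist and
the sample requests are constructed for illustration.
"""
from urllib.parse import urlsplit

# Hostnames this application is actually deployed under (assumption).
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}


def reset_link_unsafe(headers: dict, token: str) -> str:
    """Vulnerable pattern: the absolute URL is built from the client-supplied Host.

    An attacker who requests a password reset for a victim while sending
    'Host: attacker.example' gets the victim a link that points at a host
    the attacker controls, leaking the token when the victim clicks it.
    """
    return f"https://{headers['Host']}/reset?token={token}"


def canonical_host(raw_host: str):
    """Return the lowercase hostname from a Host header value, or None when the
    value is not a plain authority (userinfo, path, query, bad or odd port)."""
    if not raw_host or any(c.isspace() for c in raw_host):
        return None
    # Prefix '//' so urlsplit parses the value as an authority, not a path.
    parts = urlsplit("//" + raw_host)
    if parts.username is not None or parts.path or parts.query or parts.fragment:
        return None
    try:
        port = parts.port  # ValueError for a non-numeric or out-of-range port
    except ValueError:
        return None
    host = parts.hostname
    if host is None:
        return None
    if port is not None and port not in (80, 443):
        return None
    return host.lower()


def reset_link_safe(headers: dict, token: str):
    """Hardened form: only a host on the allowlist may appear in the link.

    Returns None when the header is missing, malformed or not allowed; the
    caller should answer 400 rather than silently fall back to a default host.
    """
    host = canonical_host(headers.get("Host", ""))
    if host is None or host not in ALLOWED_HOSTS:
        return None
    return f"https://{host}/reset?token={token}"
```

The same check has to be applied to whichever header the framework actually consults; if a reverse proxy rewrites `Host` but the application honours `X-Forwarded-Host`, validating `Host` alone changes nothing.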
CVE-2022-31125
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi version...
Design/Logic Flaw
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to execute code by sending a specially crafted HTTP request to the /app/options.py file. This affects Roxy-wi versions before...
CVE-2022-31126
CVE-2022-31126 affects Roxy-wi prior to 6.1.1.0. The Nuclei template confirms remote code execution via the vulnerable path, with commands executed through the application logic (ssh_command) in /app/funct.py, enabling an unauthenticated attacker to run arbitrary code on the target. Exploitation ...
Cross-site scripting - Stored via upload ".pages" file
Description In the file upload function, the server allows uploading a .pages file that contains JavaScript code, leading to stored XSS. Proof of Concept REQUEST: POST /demo/plupload HTTP/1.1 Host: demo.microweber.org Cookie: laravelsession=r768Tqzv8h0fkjgvKdofhxgmjcorT6pwuqMKJkIb;...
ALSA-2022:5468: php:8.0 security update (Important)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Design/Logic Flaw
HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...
CVE-2022-31081
HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...
CVE-2022-31081
CVE-2022-31081 affects the Perl HTTP::Daemon library. Versions prior to 6.15 are vulnerable due to improper handling of the Content-Length header, which could enable HTTP request smuggling and potentially allow privileged access to APIs or poisoning of intermediate caches. The issue is documented...
CVE-2022-31081 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in HTTP::Daemon
HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...
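The HTTP::Daemon entries above describe a Content-Length handling flaw that enables request smuggling. What makes such a flaw exploitable is that two parsers on the same path resolve an ambiguous request differently, so the trailing bytes become a second request on one of them. The Python below is an added example, not HTTP::Daemon's code and not code from the page: it splits a constructed request stream under a lenient "first Content-Length wins" policy, a lenient "last wins" policy, and the strict RFC 7230 rules a fixed server applies. The function names, the `STREAM` bytes and the policy labels are assumptions made for illustration.

```python
"""Content-Length handling and request splitting: lenient versus strict.

Added example (not HTTP::Daemon's code, nor code from the page). The
request stream below is constructed to show how two parsers that resolve
duplicate Content-Length headers differently desynchronise.
"""
import re

_DIGITS = re.compile(rb"^[0-9]+$")


def parse_headers(block: bytes):
    """Split a header block into (request_line, [(name_lower, value), ...])."""
    lines = block.split(b"\r\n")
    request_line = lines[0]
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(b":")
        headers.append((name.strip().lower(), value.strip()))
    return request_line, headers


def body_length(headers, policy: str) -> int:
    """Decide how many body bytes follow the headers.

    policy "first" / "last": lenient behaviour that picks one of several
      Content-Length values without noticing the conflict.
    policy "strict": RFC 7230 section 3.3.2 rules, as a fixed server applies:
      - Content-Length together with Transfer-Encoding is rejected;
      - every Content-Length value must consist of digits only;
      - several Content-Length values must all be identical.
    """
    cls = [v for n, v in headers if n == b"content-length"]
    te = [v for n, v in headers if n == b"transfer-encoding"]
    if not cls:
        return 0
    if policy == "first":
        return int(cls[0])
    if policy == "last":
        return int(cls[-1])
    if policy != "strict":
        raise ValueError("unknown policy")
    if te:
        raise ValueError("400: Content-Length together with Transfer-Encoding")
    values = set()
    for v in cls:
        # A list value such as "5, 5" is also a duplicate: split before checking.
        for part in v.split(b","):
            part = part.strip()
            if not _DIGITS.match(part):
                raise ValueError("400: malformed Content-Length")
            values.add(int(part))
    if len(values) != 1:
        raise ValueError("400: conflicting Content-Length values")
    return values.pop()


def split_requests(stream: bytes, policy: str):
    """Return the list of (request_line, body) a server with this policy sees."""
    out = []
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end < 0:
            raise ValueError("incomplete headers")
        request_line, headers = parse_headers(stream[pos:end])
        n = body_length(headers, policy)
        body_start = end + 4
        out.append((request_line, stream[body_start:body_start + n]))
        pos = body_start + n
    return out


# Constructed stream: one POST whose duplicate Content-Length headers disagree,
# followed by bytes that a "first wins" parser treats as the POST's body and a
# "last wins" parser treats as a separate GET /admin request.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: x\r\n\r\n"
STREAM = (
    b"POST /form HTTP/1.1\r\nHost: x\r\n"
    b"Content-Length: " + str(len(SMUGGLED)).encode() + b"\r\n"
    b"Content-Length: 0\r\n\r\n" + SMUGGLED
)
```

A front end applying "first" forwards one request; a back end applying "last" executes two, the second of which never passed the front end's access checks. The "strict" policy refuses the stream at the first request, which is the only outcome that leaves nothing for the next hop to misinterpret.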
Apache Tomcat Cross-Site Scripting Vulnerability
Apache Tomcat is a lightweight Web application server from the Apache Foundation. The application implements support for Servlet and JavaServer Page JSP.A cross-site scripting vulnerability exists in Apache Tomcat, which stems from the fact that the form authentication example in the sample web...
curl: CVE-2022-35252: control code in cookie denial of service
Summary: I took a look at https://github.com/curl/curl/pull/9048/commits/d7bcbc7d8d4b6d972d3da12d54819169a19c287b a sneak peek on a vulnerability to be announced tomorrow. My guess for that vulnerability is that since cookies are persistent, someone who can trick curl into storing cookies can sto...
CVE-2022-2104 Secheron SEPCOS Control and Protection Relay
The www-data Apache web server account is configured to run sudo with no password for many commands including /bin/sh and /bin/bash...
CVE-2022-2104
The CVE-2022-2104 entry concerns the Secheron SEPCOS Control and Protection Relay. The issue is that the www-data (Apache web server) account is configured to run sudo without a password for many commands (including /bin/sh and /bin/bash), enabling potential OS-level privilege escalation. Public ...
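The misconfiguration class the entry above describes (a web-server service account allowed to run a shell through sudo without a password) is easy to audit from the sudoers text itself. The Python below is an added example, not the vendor's code or anything from the advisory: it parses user specification lines, tracks the NOPASSWD tag across a comma-separated command list and continuation lines, and reports shell-capable commands granted to service accounts. The `SERVICE_ACCOUNTS` and `SHELLS` sets, the function names and the `SAMPLE` sudoers text are assumptions constructed for illustration.

```python
"""Audit sudoers text for password-less shell access granted to service accounts.

Added example (not the vendor's code and not the advisory's own check). The
sudoers sample is constructed to resemble the misconfiguration class the
advisory describes; the account and shell lists are assumptions.
"""
import re

SERVICE_ACCOUNTS = {"www-data", "apache", "nginx", "httpd"}              # assumption
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/env", "ALL"}   # assumption

# user  host = (runas) tag: cmd, tag: cmd ...
_SPEC = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.*)$")
_TAGS = ("NOPASSWD:", "PASSWD:", "NOEXEC:", "EXEC:", "SETENV:", "NOSETENV:",
         "LOG_INPUT:", "NOLOG_INPUT:", "LOG_OUTPUT:", "NOLOG_OUTPUT:",
         "MAIL:", "NOMAIL:", "FOLLOW:", "NOFOLLOW:")


def logical_lines(text: str):
    """Join backslash-continued lines the way sudoers does."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()


def parse_sudoers(text: str):
    """Return [(user, runas_user, nopasswd, command), ...] for user specifications.

    Defaults, alias definitions, comments and @/# include directives are skipped.
    Tags apply to the command they precede and to every later command in the
    same list until overridden, which is how sudoers evaluates them.
    """
    specs = []
    for line in logical_lines(text):
        if not line or line[0] in "#@" or line.startswith("Defaults"):
            continue
        if re.match(r"^(User|Runas|Host|Cmnd)_Alias\b", line):
            continue
        line = re.sub(r"\s#.*$", "", line)          # trailing comment
        m = _SPEC.match(line)
        if not m:
            continue
        user, _host, runas, cmdlist = m.groups()
        runas_user = (runas or "root").split(":")[0].strip() or "root"
        nopasswd = False
        for item in cmdlist.split(","):
            item = item.strip()
            while True:
                for tag in _TAGS:
                    if item.startswith(tag):
                        if tag == "NOPASSWD:":
                            nopasswd = True
                        elif tag == "PASSWD:":
                            nopasswd = False
                        item = item[len(tag):].strip()
                        break
                else:
                    break
            if item:
                specs.append((user, runas_user, nopasswd, item))
    return specs


def password_less_shells(text: str):
    """Service accounts that may run a shell (or ALL) via sudo without a password."""
    findings = []
    for user, runas_user, nopasswd, cmd in parse_sudoers(text):
        binary = cmd.split()[0]
        if nopasswd and user.lstrip("%") in SERVICE_ACCOUNTS and binary in SHELLS:
            findings.append((user, runas_user, cmd))
    return findings


# Constructed sample, not the vendor's sudoers file.
SAMPLE = """\
# constructed sample modelled on the misconfiguration class in the advisory
Defaults env_reset
root    ALL=(ALL:ALL) ALL
www-data ALL=(root) NOPASSWD: /usr/bin/systemctl restart apache2, \\
                              /bin/sh, /bin/bash
backup  ALL=(root) NOPASSWD: /usr/bin/rsync   # narrowly scoped, fine
www-data ALL=(root) PASSWD: /bin/dash
"""
```

On a live system the authoritative view is `sudo -l -U www-data`, which also expands aliases and included files; the parser above is for reviewing captured configuration offline. Note that a NOPASSWD entry for an editor, interpreter or anything that spawns a shell is equivalent to the shell entries flagged here, so the `SHELLS` set should be widened for the binaries present on the target.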
USN-5487-2 apache2 regression
USN-5487-1 fixed several vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. We apologize for the inconvenience. Original advisory...
EulerOS 2.0 SP8 : subversion (EulerOS-SA-2022-1952)
According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according t...
Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2022-1952)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Security fix for the ALT Linux 10 package apache2 version 1:2.4.54-alt1
1:2.4.54-alt1 built June 21, 2022 Anton Farygin in task 302327 June 19, 2022 Anton Farygin - 2.4.54 Fixes: CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1843)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...