Information disclosure

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain...

PT-2022-18658 · Autodesk · Autodesk Fusion 360

Name of the Vulnerable Software and Affected Versions: Autodesk Fusion 360 affected versions not specified Description: The issue allows an attacker to force a victim's device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360's document...

GHSA-5957-5CRX-79JX Zenario CMS vulnerable to CRLF injection

CRLF injection vulnerability in Zend\Mail ZendMail in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email...

CVE-2022-1386

The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the...

Fusion Builder < 3.6.2 - Unauthenticated SSRF

Description The plugin, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network...

CVE-2021-34706 Cisco Identity Services Engine XML External Entity Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper handling...

Cisco Identity Services Engine XML External Entity Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper handling...

CVE-2021-23853

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs...

OutSystems Platform Server Server Cross-Site Request Forgery Vulnerability

Outsystems OutSystems Platform is a set of enterprise-level low-code development platform from OutSystems Outsystems. The platform is mainly used for the visual development of applications. A server cross-site request forgery vulnerability exists in OutSystems Platform Server, which can be...

Input validation

A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance WSA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient...

HTTP Host Header Injection

A host header injection is inserting both the carriage return and linefeed characters into user input to trick the server. Successful exploitation could allow attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...

HTTP Response Splitting

Armeria is vulnerable to HTTP response splitting. A remote attacker is able to inject arbitrary HTTP headers using CRLF characters sequence. This is due to using unsanitized data to populate the headers in an HTTP response. The vulnerability can potentially lead to successful cache poisoning and...

CVE-2019-16771

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in...

CVE-2019-16771

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in...

CVE-2019-4396

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split...

CVE-2019-18394

A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

Server side request forgery (ssrf)

A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

CVE-2019-18394

A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. Recent assessments: ericalexanderorg at August 04, 2020 4:42pm UTC reported: More detail Stupid easy SSRF...

Atlassian Confluence < 6.6.12 / 6.7.x < 6.12.3 / 6.13.x < 6.13.3 / 6.14.x < 6.14.2 Multiple Vulnerabilities

Binary data 700661.prm...

CVE-2018-1658

IBM Jazz Foundation IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6 is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrar...