12 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-5385
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of...
openSUSE 15 Security Update : yt-dlp (openSUSE-SU-2023:0374-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0374-1 advisory. - yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp...
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Impact The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. To pass extra control data between...
CVE-2023-46121
yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie...
Design/Logic Flaw
yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie...
CVE-2023-46121 Generic Extractor MITM Vulnerability in yt-dlp
yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie...
yt-dlp Environmental Issues Vulnerabilities
yt-dlp is based on the youtube-dl branch of the now inactive youtube-dlc. An environment issue vulnerability exists in versions prior to yt-dlp 2023.11.14, which stems from the ability to set an arbitrary proxy for requests to arbitrary URLs, allowing an attacker to man-in-the-middle requests sen...
Forced Browsing in Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
Debian DLA-749-1 : php5 security update (httpoxy)
CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's...
CVE-2016-4694
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
nginx CGI Application Redirection Vulnerability
nginx is a Russian software developer Igor Sysoev developed a HTTP and reverse proxy server , can also be used as a mail proxy server . CGI Application is one of the lightweight MVC framework for Web application development . A redirection vulnerability exists in the nginx CGI Application. A remo...
CVE-2016-5387
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...