USN-7642-1: AIOHTTP vulnerabilities

Ben Kallus discovered that AIOHTTP did not correctly parse HTTP headers. A remote attacker could possibly use this issue to perform request smuggling. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2023-47627 Ivan Novikov discovered that AIOHTTP did not properly validate...

Online Faculty Clearance System 1.0 Shell Upload

Exploit Title: Online Faculty Clearance System Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/onlineclearance0.zip Version: 1.0 Tested on Windows 10 @Vulnerable Source Code...

Possible request smuggling in HTTP/2 due missing validation

Impact If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the...

SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities

SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities Exploit Title: SIMOGEO FileManager 2.3.0 - Path Traversal Vulnerability Date: 2015-12-09 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: https://github.com/simogeo/Filemanager Software Link: git clone...