Lucene search

34 matches found

EUVD
added 2025/10/07 12:30 a.m. | views: 1

EUVD-2021-24632

Malware in sbrugna...

CVSS 9.4 | AI score 9.2 | EPSS 0.01797
Exploits: 2 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | views: 2

EUVD-2007-2688

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.01751
Exploits: 0 | References: 7

RedhatCVE
added 2025/05/22 9:25 p.m. | views: 7

CVE-2021-38162

SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may,...

CVSS 9.4 | AI score 8.6 | EPSS 0.01797
Exploits: 2 | References: 1

CNNVD
added 2025/03/20 12:00 a.m. | views: 1

GPT Academic Code Injection Vulnerability

GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a command injection vulnerability that stems from a security issue with the CodeInterpreter plugin, which can be exploited by an attacker to achieve Remote Co...

CVSS 8.8 | AI score 7.8 | EPSS 0.0276
Exploits: 1 | References: 1

OSV
added 2023/12/12 10:15 p.m. | views: 1

DEBIAN-CVE-2023-5379

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster...

CVSS 7.5 | AI score 7.2 | EPSS 0.00161
Exploits: 0 | References: 1

Prion
added 2023/07/11 3:15 a.m. | views: 21

Design/Logic Flaw

An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL...

CVSS 7.5 | AI score 8.9 | EPSS 0.00213
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/07/11 2:24 a.m. | views: 19

CVE-2023-33987 Request smuggling and request concatenation in SAP Web Dispatcher

An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL...

CVSS 8.6 | AI score 9.2 | EPSS 0.00213
Exploits: 0 | References: 2

F5 Networks
added 2023/02/21 6:54 p.m. | views: 25

K30911244: Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature check failure

Security Advisory Description: The F5 Advanced Web Application Firewall (Advanced WAF), BIG-IP ASM, and NGINX App Protect attack signature check may fail to detect and block certain HTTP requests when some signatures are disabled on the security policy and wildcard header. Impact: The attack signatur...

AI score 6.7
Exploits: 0

F5 Networks
added 2023/02/21 6:53 p.m. | views: 7

K67397230: BIG-IP ASM, F5 Advanced WAF, and NGINX App Protect normalizing security exposure

Security Advisory Description: The BIG-IP ASM, F5 Advanced Web Application Firewall (Advanced WAF), and NGINX App Protect systems incorrectly normalize undisclosed strings. Impact: The attack signature check fails to detect and block such requests, as expected of a security policy. Symptoms: As a resu...

AI score 6.6
Exploits: 0 | Affected Software: 3

OpenVAS
added 2021/11/01 12:00 a.m. | views: 24

Apache HTTP Server Information Disclosure Vulnerability (Aug 2012) - Linux

Apache HTTP Server is prone to an information disclosure vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free...

CVSS 4.3 | AI score 6.2 | EPSS 0.03787
Exploits: 1 | References: 1

OSV
added 2021/09/14 12:15 p.m. | views: 0

CVE-2021-38162

SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may,...

CVSS 9.4 | AI score 7.3
Exploits: 0 | References: 4

Prion
added 2021/09/14 12:15 p.m. | views: 11

Design/Logic Flaw

SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may,...

CVSS 7.5 | AI score 8.9 | EPSS 0.01797
Exploits: 2 | References: 4 | Affected Software: 1

Cvelist
added 2021/09/14 11:15 a.m. | views: 18

CVE-2021-38162

SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may,...

CVSS 8.9 | AI score 9.2 | EPSS 0.01797
Exploits: 2 | References: 4

Positive Technologies
added 2021/09/14 12:00 a.m. | views: 3

PT-2021-21976 · Sap · Kernel +2

Name of the Vulnerable Software and Affected Versions: SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81; KRNL64NUC versions 7.22, 7.22EXT, 7.49; KRNL64UC versions 7.22, 7.22EXT, 7.49, 7.53; KERNEL versions 7.22, 7.49, 7.53, 7.77, 7.81, 7.83. Description: The issue allows an unauthenticated attacker...

CVSS 9.4 | AI score 9 | EPSS 0.01797
Exploits: 2 | References: 9

NVD
added 2021/07/07 2:15 p.m. | views: 12

CVE-2020-24142

Server-side request forgery in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...

CVSS 9.8 | EPSS 0.00706
Exploits: 0 | References: 1

NVD
added 2021/04/07 4:15 p.m. | views: 8

CVE-2020-24139

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services...

CVSS 8.3 | EPSS 0.00304
Exploits: 1 | References: 2

NVD
added 2020/12/17 3:15 a.m. | views: 10

CVE-2020-25096

LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application...

CVSS 8.8 | AI score 8.7 | EPSS 0.00423
Exploits: 0 | References: 1

Prion
added 2020/12/17 3:15 a.m. | views: 11

Design/Logic Flaw

LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application...

CVSS 6.5 | AI score 8.6 | EPSS 0.00423
Exploits: 0 | References: 1 | Affected Software: 1

Citrix
added 2020/07/20 12:00 a.m. | views: 3

DNS Query Responds with Only One IP to Client PC When Connected Through Citrix Gateway Full VPN

If nslookup command is run from Windows command prompt of a client PC connected through Citrix Gateway with full VPN, split tunnel set as "OFF" and DNS configured as "Remote", then the output of the command returns only one back-end server IP. When connected to other full VPN, nslookup output returns...

AI score 7.1
Exploits: 0

RedhatCVE
added 2020/01/15 8:09 p.m. | views: 33

CVE-2019-16785

An HTTP-request vulnerability was discovered in Waitress which implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR."...

CVSS 7.5 | EPSS 0.01023
Exploits: 1 | References: 4