VMware ESXi Security Vulnerabilities

VMware ESXi is a suite of server virtualization platforms from VMware that can be installed directly on physical servers. A security vulnerability exists in VMware ESXi that stems from an authentication bypass vulnerability that could allow an attacker to gain full access to a previously configur...

Twisted vulnerable to NameVirtualHost Host header injection

When the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. Example configuration: python from twisted.web.server import Site from...