22 matches found

Snyk
added 2026/06/11 3:20 p.m. · 3 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the host component of a URI when constructing a PSR-7 Uri or Request. An attacker can inject arbitrary HTTP headers by supplying a crafted host value containing ASCII control characters, such as CRLF, which a...

CVSS 6.9 · AI score 5.5 · EPSS 0.00189
Exploits: 0 · References: 2
RedhatCVE
added 2026/05/27 10:57 p.m. · 11 views

CVE-2026-48710

A flaw was found in Starlette, a lightweight ASGI (Asynchronous Server Gateway Interface) framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

CVSS 6.5 · AI score 5.8 · EPSS 0.01384
Exploits: 2 · References: 10
RedhatCVE
added 2026/04/08 5:6 p.m. · 4 views

CVE-2026-32591

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An...

CVSS 5.5 · AI score 5.9 · EPSS 0.00241
Exploits: 0 · References: 3
Snyk
added 2026/02/09 7:56 p.m. · 4 views

Incorrect Regular Expression

Overview: litestar is a production-ready, highly performant, extensible ASGI API framework. Affected versions of this package are vulnerable to Incorrect Regular Expression via the allowedhosts host validation. An attacker can gain unauthorized access by supplying a specially crafted...

CVSS 6.5 · AI score 5.6 · EPSS 0.00316
Exploits: 1 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2012-1088

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.0347
Exploits: 0 · References: 8
Tenable Nessus
added 2025/08/18 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-22881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in...

CVSS 6.1 · AI score 6.5 · EPSS 0.87301
Exploits: 1 · References: 2
BDU FSTEC
added 2023/11/01 12:0 a.m. · 4 views

The vulnerability of the user interface of the Plesk Obsidian hosting platform allows a hacker to redirect users to arbitrary websites.

The vulnerability of the Plesk Obsidian web hosting platform’s user interface involves redirecting URLs to an unreliable website. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary websites by sending a specially crafted “Host” header in HTTP requests...

CVSS 6.4 · AI score 6.4 · EPSS 0.02157
Exploits: 3 · References: 4 · Affected Software: 1
Tenable Nessus
added 2023/08/24 12:0 a.m. · 36 views

Amazon Linux 2023 : runc (ALAS2023-2023-311)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-311 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to...

CVSS 6.5 · AI score 7.2 · EPSS 0.0125
Exploits: 0 · References: 4
SUSE CVE
added 2023/02/15 5:49 a.m. · 7 views

SUSE CVE-2012-0435

SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984...

CVSS 5.8 · AI score 6.8 · EPSS 0.02081
Exploits: 0 · References: 4
UbuntuCve
added 2021/02/11 6:15 p.m. · 18 views

CVE-2021-22881

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...

CVSS 6.1 · AI score 6.6 · EPSS 0.87301
Exploits: 1 · References: 3
Positive Technologies
added 2021/02/11 12:0 a.m. · 5 views

PT-2021-15252

Name of the Vulnerable Software and Affected Versions: Action Pack versions prior to 6.1.2.1; Action Pack versions prior to 6.0.3.5. Description: The Host Authorization middleware in Action Pack suffers from an open redirect issue. Specially crafted Host headers, in combination with certain "allowed...

CVSS 7.5 · AI score 5.4 · EPSS 0.98507
Exploits: 25 · References: 40
Prion
added 2018/08/18 3:29 a.m. · 17 views

Null pointer dereference

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing '' character in an IPv6 address...

CVSS 5 · AI score 7.8 · EPSS 0.02227
Exploits: 1 · References: 4 · Affected Software: 3
Positive Technologies
added 2018/08/18 12:0 a.m. · 4 views

PT-2018-2958 · Embedthis · Appweb +1

Name of the Vulnerable Software and Affected Versions: Embedthis GoAhead versions prior to 4.0.1; Embedthis Appweb versions prior to 7.0.2. Description: The issue is related to errors in processing HTTP requests. It may allow a remote attacker to cause a denial of service. This can be achieved by...

CVSS 7.8 · AI score 7.3 · EPSS 0.02227
Exploits: 1 · References: 9
NVD
added 2017/04/10 3:59 a.m. · 18 views

CVE-2015-7263

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value...

CVSS 7.5 · AI score 7.4 · EPSS 0.01243
Exploits: 0 · References: 1
Cvelist
added 2017/04/10 3:0 a.m. · 26 views

CVE-2015-7263

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value...

AI score 7.4 · EPSS 0.01243
Exploits: 0 · References: 1
Prion
added 2016/10/13 2:59 p.m. · 12 views

Memory corruption

SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623...

CVSS 2.1 · AI score 6.9 · EPSS 0.00495
Exploits: 0 · References: 5
Cvelist
added 2016/03/01 11:0 a.m. · 35 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

AI score 6.4 · EPSS 0.03109
Exploits: 0 · References: 11
Debian CVE
added 2016/03/01 11:0 a.m. · 25 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

CVSS 6.1 · AI score 6.8 · EPSS 0.03109
Exploits: 0
NVD
added 2012/02/13 7:55 p.m. · 19 views

CVE-2012-1050

Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header...

CVSS 4.3 · AI score 6.6 · EPSS 0.0347
Exploits: 0 · References: 7
UbuntuCve
added 2012/02/13 7:55 p.m. · 28 views

CVE-2012-1050

Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header...

CVSS 4.3 · AI score 6 · EPSS 0.0347
Exploits: 0 · References: 2