CVE-2025-44957

Ruckus SmartZone SZ before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers...

CVE-2025-44957

CVE-2025-44957 affects Ruckus SmartZone (SZ) prior to 6.1.2p3 Refresh Build. The issue enables authentication bypass using a valid API key and crafted HTTP headers, potentially granting administrator access. Connected PT security notes corroborate the affected software and specify that the workar...

CVE-2025-44957

Ruckus SmartZone SZ before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers...

PT-2024-25955 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon version 4.1.6 Description: The issue allows API endpoint rate limiting to be bypassed by setting a crafted HTTP request header. Recommendations: For Mastodon version 4.1.6, as a temporary workaround, consider restricting access to AP...

PT-2024-2334

Name of the Vulnerable Software and Affected Versions LibHTP versions prior to 0.5.46 Description The issue is related to excessive processing time of HTTP headers, leading to denial of service when crafted traffic is sent. This can be exploited by a remote attacker to cause a denial of service...

SUSE CVE-2011-2766

The FCGI aka Fast CGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers...

CVE-2022-26616

PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting XSS attacks via crafted HTTP headers...

CVE-2020-3117

A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance WSA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient...

Input validation

A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance WSA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient...

CVE-2020-3117 Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability

A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance WSA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient...

CVE-2017-5638

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...

CVE-2016-6396

Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Host HTTP header, related to libraries/Config.class.php; 2 crafted JSON data, relat...

Cisco Ironport AsyncOS HTTP Header Injection

Cisco Ironport AsyncOS HTTP Header Injection Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco Ironport ESA - AsyncOS 8.0.1-023 Cisco Ironport WSA - AsyncOS 8.5.5-021 Cisco Ironport SMA - AsyncOS 8.4.0-138 Date: 24/02/2015 Credits: Glafkos Charalambous CVE: CVE-2015-062...

CVE-2014-3985

The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service crash via crafted headers that trigger an out-of-bounds read...

Amazon Linux AMI : perl-FCGI (ALAS-2011-05)

The MITRE CVE database describes CVE-2011-2766 as : The FCGI aka Fast CGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP header...

CVE-2012-5875

Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service NULL pointer dereference via a 1 crafted Connection HTTP header; a return carriage control character in the 2 Accept Language header, 3 User-agent header, 4 Host header, or 5 protocol version; or a 6 crafted HTTP...

Design/Logic Flaw

Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service service hang via a crafted string in HTTP header fields such as 1 If-Modified-Since, 2 If-None-Match, or 3 If-Unmodified-Since. NOTE: some of these details are obtained from third party...

FreeBSD Ports: firefox

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Apache privilege escalation

Privilege escalation with SetEnvIf in conjunction with crafted HTTP headers...