EUVD-2017-17734
Malware in sbrugna...
EUVD-2016-0002
Malware in sbrugna...
EUVD-2024-0401
Malicious code in bioql PyPI...
CVE-2025-25184
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...
CVE-2024-23828
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of test_config_cmd or start_cmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
Design/Logic Flaw
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of test_config_cmd or start_cmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
CVE-2024-23828
Summary: CVE-2024-23828 affects Nginx-UI, a web interface for Nginx configuration. An authenticated attacker can achieve arbitrary command execution by abusing CRLF in configuration fields (test_config_cmd or start_cmd), due to an incomplete fix for CVE-2024-22197/22198. The issue is capped at hi...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of test_config_cmd or start_cmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
Input validation
User-supplied input, usually a CRLF sequence, can be used to split a returned response into two responses...
OPENSUSE-SU-2019:1760-1 Security update for python-Twisted
This update for python-Twisted fixes the following issue: Security issue fixed: - CVE-2019-12387: Fixed an improper sanitization of URIs or HTTP which could have allowed attackers to perform CRLF attacks (bsc#1137825). This update was imported from the SUSE:SLE-15:Update update project...
CVE-2017-8791
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector...
CVE-2017-8791
CVE-2017-8791 affects Accellion FTA devices prior to FTA_9_12_180. The vulnerability is a CRLF injection in the login page parameter path: home/seos/courier/login.html auth_params, allowing a remote attacker to trigger a CRLF-based attack. Public sources in CNVD/NVD confirm a remote-exploitation ...
MGASA-2017-0031 Updated python-bottle packages fix security vulnerability
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. CVE-2016-9964...
Updated python-bottle packages fix security vulnerability
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. CVE-2016-9964...
DSA-3743-1 python-bottle - security update
Bulletin has no description...
Carriage Return And Line Feed (CRLF)
bottle is vulnerable to carriage return and line feed (CRLF) attacks. It doesn't filter a "\r\n" sequence, which can lead to CRLF attacks...
Design/Logic Flaw
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...
CVE-2016-9964
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...
PYSEC-2016-24
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...