65 matches found
CVE-2021-23860
An error in a page handler of the VRM may lead to a reflected cross-site scripting (XSS) vulnerability in the web-based interface. To exploit this vulnerability an attacker must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...
CVE-2021-21743
ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request...
[SECURITY] Fedora 33 Update: haproxy-2.2.17-1.fc33
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
The vulnerability of the ExponentCMS content management system lies in the lack of mechanisms for encoding or shielding output data, allowing attackers to compromise the integrity of the protected information.
The vulnerability of the ExponentCMS content management system is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a malicious actor to influence the integrity of the protected information by modifying the HTTP headers...
CVE-2021-32070
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users...
python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function
A flaw was found in python-httplib2. An attacker controlling an unescaped part of the uri for httplib2.Http.request could change request headers and body, and send additional hidden requests to the same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenatio...
CVE-2019-19326
CVE-2019-19326 affects SilverStripe CMS up to release 4.4.4 where HTTP Cache Headers enabled in the framework’s HTTP layer can be abused to poison web caches. By manipulating headers such as X-Original-Url and X-HTTP-Method-Override, an attacker can cause cached responses to include malicious HTT...
[SECURITY] Fedora 30 Update: haproxy-1.8.23-1.fc30
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
Cisco Adaptive Security Appliance Software DoS (cisco-sa-20181003-asa-syslog-dos)
According to its self-reported version, the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software allows an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a...
Header Forgery in http-signature
Affected versions of http-signature contain a vulnerability which can allow an attacker in a privileged network position to modify header names and change the meaning of the request, without requiring an updated signature. This problem occurs because vulnerable versions of http-signature sign the...
Pebble Smartwatch Device Spoofing Vulnerability
Pebble Smartwatch devices are smartwatches from the American company Pebble. A security vulnerability exists in Pebble Smartwatch devices version 4.3 and earlier, which stems from the program's failure to properly handle UUID storage. An attacker can read arbitrary application flash memory and...
Header Forgery
Overview: Affected versions of http-signature contain a vulnerability which can allow an attacker in a privileged network position to modify header names and change the meaning of the request, without requiring an updated signature. This problem occurs because vulnerable versions of http-signature...
Acal calendar 2.2.6 CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: Acal calendar Multiple Vulns Date: 11-03-2012 Author: Number 7 Software Link: http://sourceforge.net/projects/acalproj/files/latest/download?source=directory Version: 2.2.6 Dork: "Calendar Admin: Edit Header and Footer" Tested o...
Microsoft Security Bulletin MS09-035 - Moderate Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
Microsoft Security Bulletin MS09-035 - Moderate. Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706). Published: July 28, 2009. Version: 1.0. General Information. Executive Summary: This security update addresses several privately reported vulnerabilities i...
Format string
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted...
CVE-2008-2004
CVE-2008-2004 concerns QEMU up to 0.9.1 where drive_init determines the raw-disk image format from the header. By altering the header to identify a different format, a local guest user can cause the host to disclose arbitrary host files when the guest is restarted. The vulnerability is tied to QE...
security flaw
CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks vi...
phpBB 2.0.21 Full Path Disclosure
phpBB 2.0.21 Full Path Disclosure. Discovered By zero, Moroccan Security Team. Details Software:...
CVE-2006-0183
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from th...