CVE-2023-1428 Denial-of-Service in gRPC

There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x x != trailers :scheme: x x != http, https grpclbclientstats: x x == anything On top of sending one of those headers, a later header must...

Total CMS 1.7.4 Shell Upload

Exploit Title: Total CMS 1.7.4 - Remote Code Execution RCE on File Upload Authenticated Date: 03/06/2023 Exploit Author: tmrswrr Version: 1.7.4 Vendor home page : https://www.totalcms.co/ Tested Url : https://www.totalcms.co/demo/soccer/ PLatform : MACOSX 1 Go to this page and click edit page...

CVE-2023-34339

In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message...

Design/Logic Flaw

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...

Katana - A Next-Generation Crawling And Spidering Framework

A next-generation crawling and spidering framework Features • Installation • Usage • Scope • Config • Filters • Join Discord Features Fast And fully configurable web crawling Standard and Headless mode support JavaScript parsing / crawling Customizable automatic form filling Scope control -...

Code injection

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...

modoboa 2.0.4 - Admin TakeOver

/ Exploit Title: modoboa 2.0.4 - Admin TakeOver Description: Authentication Bypass by Primary Weakness Date: 02/10/2023 Software Link: https://github.com/modoboa/modoboa Version: modoboa/modoboa prior to 2.0.4 Tested on: Arch Linux Exploit Author: 7h3h4ckv157 CVE: CVE-2023-0777 / package main...

Node.js: Regular Expression Denial of Service in Headers fetch API

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

Medium: xdg-utils

Issue Overview: A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches...

Graphicator - A GraphQL Enumeration And Extraction Tool

Graphicator is a GraphQL "scraper" / extractor. The tool iterates over the introspection document returned by the targeted GraphQL endpoint, and then re-structures the schema in an internal form so it can re-create the supported queries. When such queries are created is using them to send request...

Denial Of Service (DoS)

curl is vulnerable to Denial of Service DoS. The vulnerability occurs because curl caps chained HTTP compression algorithms on per header basis. This allows an attacker to insert a virtually unlimited number of compression steps simply by using many headers leading to a crash...

Improper Authorization

Symfony is vulnerable to Improper Authorization. The vulnerability exists in Store.php because the HTTP cache system stores all headers, which can potentially be stored and then subsequently returned to other clients, which would allow an attacker to retrieve the victim's session...

GHSA-R6CH-MQF9-QC9W Regular Expression Denial of Service in Headers

Impact The Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the headerValueNormalize utility function...

SUSE CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this...

SUSE CVE-2006-2941

Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers"...

SUSE CVE-2014-0082

actionpack/lib/actionview/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service memory consumption by including these strings in heade...

Inconsistent Interpretation Of HTTP Requests

varnish:sid is vulnerable to Inconsistent Interpretation of HTTP Requests. An attacker could perform a smuggling attack by requesting certain headers to be made hop by hop on varnish servers which will not allow critical headers to be forwarded to the backend...

Resume Builder <= 3.1.1 - Subscriber+ Stored XSS

The plugin does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users Run the below command in the developer console of the web browser while being on the blog as subscriber...

Information Disclosure

github.com/grafana/grafana is vulnerable to Information Disclosure. The vulnerability exists when the data source query cache is enabled, Grafana will cache all headers, including the grafanasession, resulting in any user querying a data source which allows an attacker to acquire another user's...

Replyable < 2.2.10 - Subscriber+ PHP Object Injection

The plugin does not validate the class name submitted by the request when instantiating an object in the promptdismissnotice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could...