14 matches found
Security Bulletin: IBM Event Streams is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783).
Summary: IBM Event Streams is vulnerable to an HTTP Parameter Pollution (HPP) attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event listeners tied to form...
X (Formerly Twitter): Bypassing Digits web authentication's host validation with HPP
Hi, I would like to report an issue on Digits web authentication which allows attackers to retrieve the OAuth credential data of an application victims authorized. Detail As described in 108429, the login page has 2 parameters, consumerkey and host. The former identifies which app a user wants to...
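CMS vendors using webscan360 can have it rendered ineffective via HPP (with a SQL injection in the new version of cmseasy attached)
Brief description: CMS vendors using webscan360 can have it rendered ineffective via HPP (with a SQL injection in the new version of cmseasy attached). After thinking it over, I was not sure whether this vulnerability should go to 360 or to cmseasy; in the end I gave it to cmseasy, who confirm at lightning speed. Detailed description: Default installation of the latest version of cmseasy. webscancache.php: $webscanwhiteurl = array'index.php' = 'admindir=admin','index.php' = 'case=file','index.php' ='case=admin'; Then look at 360webscan.php: if...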
Oscommerce 2.3.4 XSS / HPP / File Inclusion
Oscommerce2.3.4 multi Vulnerability 0-Day ========================================= Author : indoushka Vendor : http://www.oscommerce.com/ Dork : Powered by osCommerce ========================================= File inclusion : It seems that this script includes a file which name is determined usi...
Wordpress Plugin spider calendar Multiple Vulnerabilities
No description provided by source. Exploit Title: Wordpress spider calendar Plugin Multiple Vulnerabilities Dork: N/A Date: 02-10-2012 Author: Daniel Barragan D4NB4R Twitter: @D4NB4R Vendor: http://wordpress.org/extend/plugins/spider-calendar/ Version: 1.0.1 License: Non-Commercial Demo:...
ModSecurity <= 2.5.9 (Core Rules <= 2.5-1.6.1) Filter Bypass Vuln
No description provided by source. ======================================================================== ModSecurity Core Rules HPP Filter Bypass Vulnerability ======================================================================== Affected Software : ModSecurity <= 2.5.9 using ModSecurity Cor...
Wordpress Plugin spider calendar Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Wordpress spider calendar Plugin Multiple Vulnerabilities Dork: N/A Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R Vendor: http://wordpress.org/extend/plugins/spider-calendar/ Version: 1.0.1 License: Non-Commercial Demo:...
Sun Java System Communication Express CSRF via HPP
Hello, As a continuation of my advisory about "Sun Java System Communications Express Multiple HTML Injection Vulnerabilities" that can be found here: http://www.securityfocus.com/bid/34083/info, I would like to introduce another potential security threat in the same product and based on my...
CVE-2009-2820
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to a...
HTTP Server Parameter Pollution
HTTP Parameter Pollution (HPP) is a hacking technique. HPP attacks allow the attacker to override or add HTTP GET/POST parameters by injecting query string delimiters. This is an input validation vulnerability. Input validation flaws are caused by unsanitized data flows between the front-end and th...
ModSecurity <= 2.5.9 (Core Rules <= 2.5-1.6.1) Filter Bypass Vuln
No description provided by source. ======================================================================== ModSecurity Core Rules HPP Filter Bypass Vulnerability ======================================================================== Affected Software : ModSecurity <= 2.5.9 using ModSecurity Cor...
ModSecurity 2.5.9 (Core Rules 2.5-1.6.1) - Filter Bypass
======================================================================== ModSecurity Core Rules HPP Filter Bypass Vulnerability ======================================================================== Affected Software : ModSecurity = 2.5.9 using ModSecurity Core Rules = 2.5-1.6.1 Author :...
ModSecurity 2.5.9 Filter Bypass
======================================================================== ModSecurity Core Rules HPP Filter Bypass Vulnerability ======================================================================== Affected Software : ModSecurity = 2.5.9 using ModSecurity Core Rules = 2.5-1.6.1 Author :...
ModSecurity 2.5.9 (Core Rules 2.5-1.6.1) - Filter Bypass
ModSecurity 2.5.9 Core Rules 2.5-1.6.1 - Filter Bypass ======================================================================== ModSecurity Core Rules HPP Filter Bypass Vulnerability ======================================================================== Affected Software : ModSecurity = 2.5.9...