885 matches found
MiracleLinux 3 : perl-5.8.8-32.6.0.1.AXS3 (AXSA:2011-563:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-563:02 advisory. Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is...
CVE-2021-27404
Askey RTF8115VW BRSVg11.11RTFTEF001V6.54V014 devices allow injection of a Host HTTP header...
CVE-2022-37724
Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...
CVE-2023-50963
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
CVE-2023-45190
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
CVE-2024-39736
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
Important: python3-tornado
Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can ...
The vulnerability of Autobahn’s library for implementing asynchronous web sockets and RPC interactions stems from insufficient validation and filtering of input data used to construct HTTP headers. This allows attackers to inject arbitrary headers into HTTP responses.
The vulnerability of the library for implementing asynchronous web sockets and RPC interactions in Autobahn is related to insufficient validation and filtering of input data used to construct HTTP headers. Exploiting this vulnerability allows a malicious actor to inject arbitrary headers into HTT...
Linux Distros Unpatched Vulnerability : CVE-2025-60876
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line to be split an...
HTTP Header Injection
Overview Affected versions of this package are vulnerable to HTTP Header Injection via the processing of HTTP headers containing underscores, which are normalized to dashes by certain upstream applications. Authenticated users can escalate privileges by injecting specially crafted XForwarded-...
DEBIAN-CVE-2025-60876
BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...
CVE-2025-60876
CVE-2025-60876 affects BusyBox wget up to 1.3.7. The issue stems from accepting raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target, allowing the request-line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape, a raw s...
CVE-2025-59151
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed CRLF injection. When a request is made to a file ending with the .lp extension, t...
CVE-2025-59151
Pi-hole Admin Interface prior to 6.3 is vulnerable to CRLF injection via redirects on requests for files ending with .lp, allowing an attacker to inject arbitrary HTTP response headers and potentially affect session fixation, cache poisoning, and weakening of CSP or X-XSS-Protection. Root cause: ...
CVE-2025-59151 Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed CRLF injection. When a request is made to a file ending with the .lp extension, t...
CVE-2025-61689
HTTP.jl is an HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19, HTTP.jl did not validate header names/values for illegal characters, allowing CRLF-based header injection and response splitting. This enables HTTP response splitting and header...
EUVD-2019-13793
Malware in sbrugna...
EUVD-2020-26266
Malware in sbrugna...
EUVD-2021-2533
Malware in sbrugna...
EUVD-2007-5914
Malware in sbrugna...