17 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-66577
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to...
CVE-2023-34329
AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability...
CVE-2023-34329 Authentication Bypass via HTTP Header Spoofing
AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability...
CVE-2023-34329 Authentication Bypass via HTTP Header Spoofing
AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability...
CVE-2023-34329
CVE-2023-34329 affects AMI MegaRAC SP-X BMC (SPx12). The vulnerability enables authentication bypass by spoofing the HTTP header, potentially compromising confidentiality, integrity and availability. Documented impact is that an attacker with appropriate access could bypass authentication to perf...
PT-2023-24816
Name of the Vulnerable Software and Affected Versions: AMI MegaRAC SPx12 (affected versions not specified). Description: The issue allows a user to bypass authentication by spoofing the HTTP header, potentially leading to loss of confidentiality, integrity, and availability. This is achieved by...
CVE-2022-2877
CVE-2022-2877 affects the WordPress Titan Anti-spam & Security plugin prior to 7.3.1. The root cause is improper validation of HTTP headers used to verify the origin IP, allowing an attacker to bypass the plugin’s block feature by spoofing headers (e.g., X-Forwarded-For). The CVSSv3.1 vector is N...
CVE-2022-1762
The iQ Block Country WordPress plugin before 1.2.20 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers...
Debian DLA-1399-1 : ruby-passenger security update
Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or exploit a race condition which made privilege escalation under certain conditions possible. CVE-2015-7519 Remote attackers could spoof headers passed to applications by usin...
[SECURITY] [DLA 1399-1] ruby-passenger security update
Package: ruby-passenger; Version: 4.0.53-1+deb8u1; CVE ID: CVE-2015-7519 CVE-2018-12029; Debian Bug: 864651. Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or exploit a race condition which made privilege escalation under...
Debian DLA-394-1 : passenger security update
agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an underscore character instead of a -...
DLA-394-1 passenger - security update
Bulletin has no description...
CVE-2015-0219
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an underscore character instead of a - (dash) character in an HTTP header, as demonstrated by an X-AuthUser header...
CVE-2012-2330
The Update method in src/nodehttpparser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...
CuteNews 1.4.0 remote code execution
CuteNews 1.4.0 possibly prior versions remote code execution software: site: http://cutephp.com/ description: "Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives, search function, image uploading, backup...
osCommerce 2.2 - Authentication Bypass
osCommerce 2.2 - Authentication Bypass source: https://www.securityfocus.com/bid/7357/info osCommerce has been reported prone to authentication bypass vulnerability. It has been reported that osCommerce uses HTTP header information as a part of its authentication mechanism. Reportedly an attacker...
osCommerce 2.2 - Authentication Bypass
source: https://www.securityfocus.com/bid/7357/info osCommerce has been reported prone to authentication bypass vulnerability. It has been reported that osCommerce uses HTTP header information as a part of its authentication mechanism. Reportedly an attacker may spoof parts of the HTTP header and...