3709 matches found

RedhatCVE
added 2025/05/22 10:9 a.m. | 6 views

CVE-2019-19000

For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP headers have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information...

CVSS 6.5 | AI score 6.8 | EPSS 0.01052
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 9:21 a.m. | 5 views

CVE-2019-18657

ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function...

CVSS 5.3 | AI score 7.2 | EPSS 0.01466
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 8:33 a.m. | 9 views

CVE-2019-14458

VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header...

CVSS 7.8 | AI score 7.1 | EPSS 0.01919
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 8:8 a.m. | 4 views

CVE-2019-14457

VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header...

CVSS 9.8 | AI score 7.7 | EPSS 0.02649
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 8:5 a.m. | 6 views

CVE-2019-13169

Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device...

CVSS 10 | AI score 8.3 | EPSS 0.02694
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 7:58 a.m. | 4 views

CVE-2019-12131

An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USERID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected...

CVSS 9.1 | AI score 7.1 | EPSS 0.01184
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 7:54 a.m. | 6 views

CVE-2018-16979

Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943...

CVSS 6.1 | AI score 7.1 | EPSS 0.0302
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 7:51 a.m. | 6 views

CVE-2019-10892

An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in function hnapmain at /htdocs/cgibin. The function will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users. And it finally leads to a...

CVSS 10 | AI score 7.4 | EPSS 0.02289
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 7:18 a.m. | 2 views

CVE-2017-14037

CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability...

CVSS 6.1 | AI score 7 | EPSS 0.00708
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 7:13 a.m. | 6 views

CVE-2017-14194

The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...

CVSS 6.1 | AI score 6.1 | EPSS 0.00635
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 6:39 a.m. | 7 views

CVE-2017-14195

The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...

CVSS 6.1 | AI score 6.1 | EPSS 0.00635
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:58 a.m. | 5 views

CVE-2012-3829

Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header...

CVSS 5 | AI score 7 | EPSS 0.01289
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 5:17 a.m. | 22 views

CVE-2017-1000247

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the setstatusheader common function under Apache resulting in HTTP Header Injection flaws...

CVSS 7.5 | AI score 7.2 | EPSS 0.00931
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:15 a.m. | 8 views

CVE-2019-4326

"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."...

CVSS 7.5 | AI score 7.1 | EPSS 0.01058
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:3 a.m. | 4 views

CVE-2019-25101

A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely...

CVSS 9.8 | AI score 6.9 | EPSS 0.00854
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 4:53 a.m. | 3 views

CVE-2015-9472

The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header...

CVSS 6.1 | AI score 6 | EPSS 0.01318
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 4:47 a.m. | 16 views

CVE-2010-4235

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header...

CVSS 10 | AI score 7.9 | EPSS 0.04145
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 4:28 a.m. | 8 views

CVE-2012-2212

McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable...

CVSS 5 | AI score 7.1 | EPSS 0.01445
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 4:4 a.m. | 4 views

CVE-2018-8863

The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information...

CVSS 7.5 | AI score 6.9 | EPSS 0.00539
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 4:2 a.m. | 6 views

CVE-2018-9934

The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control...

CVSS 8.8 | AI score 7.1 | EPSS 0.01412
Exploits 1 | References 1