2483 matches found

Cvelist, added 2023/08/30 2:22 p.m., 29 views

CVE-2022-1601 User Access Manager < 2.2.18 - IP Spoofing

The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations...

AI score 5.5, EPSS 0.00582. Exploits: 2, References: 1
RubySec, added 2023/08/18 12:00 a.m., 34 views

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in puma

Impact: Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. The following vulnerabilities are addressed by this advisory: - Incorrect parsing of trailing fields ...

CVSS 9.8, AI score 6.9, EPSS 0.00738. Exploits: 0, References: 1, Affected Software: 1
NVD, added 2023/08/15 7:15 p.m., 11 views

CVE-2023-4324

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers...

CVSS 9.8, AI score 9.5, EPSS 0.00588. Exploits: 0, References: 2
Positive Technologies, added 2023/08/15 12:00 a.m., 3 views

PT-2023-28741 · Broadcom · Broadcom Raid Controller

Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller, affected versions not specified. Description: The Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers. This issue affects the web interface,...

CVSS 9.8, AI score 9.3, EPSS 0.00588. Exploits: 0, References: 8
OSV, added 2023/08/05 11:15 p.m., 1 view

CVE-2023-37874

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions...

CVSS 4.8, AI score 7.3, EPSS 0.00339. Exploits: 0, References: 1
NVD, added 2023/08/05 11:15 p.m., 13 views

CVE-2023-37874

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions...

CVSS 5.9, AI score 5.4, EPSS 0.00339. Exploits: 0, References: 1
Prion, added 2023/08/05 11:15 p.m., 17 views

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions...

CVSS 4.3, AI score 5.2, EPSS 0.00339. Exploits: 0, References: 1, Affected Software: 1
Vulnrichment, added 2023/08/05 10:14 p.m., 14 views

CVE-2023-37874 WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions...

CVSS 5.9, AI score 5.8, EPSS 0.00339. Exploits: 0, References: 1
Cvelist, added 2023/08/05 10:14 p.m., 19 views

CVE-2023-37874 WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions...

CVSS 5.9, AI score 5.6, EPSS 0.00339. Exploits: 0, References: 1
CVE, added 2023/08/05 10:14 p.m., 67 views

CVE-2023-37874

CVE-2023-37874 affects WordPress HTTP Headers plugin versions

CVSS 5.9, AI score 5.3, EPSS 0.00339. Exploits: 0, References: 1, Affected Software: 1
CNNVD, added 2023/08/05 12:00 a.m., 2 views

WordPress plugin HTTP Headers cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.9, AI score 6, EPSS 0.00339. Exploits: 0, References: 2
WPVulnDB, added 2023/08/04 12:00 a.m., 14 views

User Access Manager < 2.2.18 - IP Spoofing

Description: The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations. PoC: Set HTTP_X_REAL_IP, which is used in checkUserGroupAccess, to use an IP from the allowlist...

CVSS 5.3, AI score 5.2, EPSS 0.00582. Exploits: 2, Affected Software: 1
RedhatCVE, added 2023/07/21 7:30 a.m., 52 views

CVE-2023-29406

A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacke...

CVSS 6.5, AI score 6.5, EPSS 0.0125. Exploits: 0, References: 4
GithubExploit, added 2023/07/20 1:16 p.m., 419 views

Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller

cve-2023-3519-citrix-scanner: This script is a basic Citrix Sc...

CVSS 9.8, AI score 9.8, EPSS 0.99343. Exploits: 16
OSV, added 2023/07/20 1:15 a.m., 6 views

CVE-2022-28734

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer pointer by one position. This can lead to an out-of-bounds write further on when parsing the HTTP request, writing a NULL byte past the buffer. It's...

CVSS 7, AI score 8.3, EPSS 0.01131. Exploits: 0, References: 3
Prion, added 2023/07/20 1:15 a.m., 26 views

Design/Logic Flaw

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer pointer by one position. This can lead to an out-of-bounds write further on when parsing the HTTP request, writing a NULL byte past the buffer. It's...

CVSS 5.1, AI score 9.4, EPSS 0.01131. Exploits: 0, References: 3, Affected Software: 1
Cvelist, added 2023/07/20 12:22 a.m., 28 views

CVE-2022-28734 Out-of-bounds write when handling split HTTP headers

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer pointer by one position. This can lead to an out-of-bounds write further on when parsing the HTTP request, writing a NULL byte past the buffer. It's...

CVSS 8.1, AI score 8, EPSS 0.01131. Exploits: 0, References: 3
Veracode, added 2023/07/18 7:16 a.m., 26 views

Improper Neutralization Of HTTP Headers

Spring HATEOAS is vulnerable to Improper Neutralization Of HTTP Headers. The vulnerability is due to not sanitizing or stripping the "Forwarded", "X-Forwarded-Host", "X-Forwarded-Port" or "X-Forwarded-Proto" headers. This can allow an attacker to spoof these header values, thereby bypassing securi...

CVSS 5.3, AI score 6.8, EPSS 0.00403. Exploits: 0, References: 3, Affected Software: 1
CVE, added 2023/07/17 10:00 a.m., 75 views

CVE-2023-34036

CVE-2023-34036 affects reactive Spring WebFlux applications that use Spring HATEOAS to generate hypermedia links. The root cause is improper handling of forwarded headers (Forwarded, X-Forwarded-Host/Port/Proto) by the application stack, which can allow spoofing if there is no trusted proxy or ad...

CVSS 5.3, AI score 5.2, EPSS 0.00403. Exploits: 0, References: 1, Affected Software: 1
Positive Technologies, added 2023/07/17 12:00 a.m., 3 views

PT-2023-5211 · Curl +6 · Curl +6

Name of the Vulnerable Software and Affected Versions: curl versions prior to 8.4.0. Description: The issue is related to the handling of HTTP headers by the curl utility. When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl header...

CVSS 10, AI score 6.4, EPSS 0.62246. Exploits: 15, References: 146