2483 matches found
WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Server Side Request Forgery (SSRF)
Software: HTTP Headers; Type: Plugin; Vulnerable versions: <= 1.18.11; Fixed in: 1.19.0; OWASP Top 10: A10: Server-Side Request Forgery (SSRF); Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-37978; Patch priority: Low; CVSS severity: Low (4.4); PSID: 0923ddb0050e; Credits: emad...
CVE-2023-1208
The HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability...
Remote code execution
The HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability...
CVE-2023-1208 HTTP Headers < 1.18.11 - Admin+ Remote Code Execution
The HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability...
WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Cross Site Scripting (XSS)
Software: HTTP Headers; Type: Plugin; Vulnerable versions: <= 1.18.11; Fixed in: 1.19.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-37874; Patch priority: Low; CVSS severity: Low (5.9); PSID: 9021e283fb63; Credits: emad; Required privilege: Administrator...
PT-2023-16821 · WordPress · Http Headers
Name of the Vulnerable Software and Affected Versions: HTTP Headers WordPress plugin versions prior to 1.18.11. Description: The issue allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution. Recommendations: For versions prior to 1.18.11, update to version 1.18....
Debian dla-3487 : fusiondirectory - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3487 advisory. Debian LTS Advisory DLA-3487-1...
Security Bulletin: Multiple vulnerabilities in Apache Tomcat affects App Connect Professional.
Summary: App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details: CVEID: CVE-2023-34981. DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when a response did not have any HTTP...
CVE-2023-26137
The CVE-2023-26137 entry concerns drogonframework/drogon (C++) and describes an HTTP Response Splitting vulnerability. Untrusted user input used to build header values in addHeader/addCookie can inject CRLF sequences (\r\n) to terminate HTTP headers and inject malicious content. The threat is des...
Drogon injection vulnerability
Drogon is an open source HTTP application framework based on C++14/17. Drogon can be used to easily build various types of web application server programs using C++. A security vulnerability exists in Drogon that stems from a CRLF injection issue that allows an attacker to add \r\n characters and...
Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
Impact: Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed...
GHSA-JPGW-2R9M-8QFW Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
Impact: Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed...
CVE-2023-36809 Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangero...
CVE-2023-34472
AMI SPx contains a vulnerability in the BMC where an attacker may cause an improper neutralization of CRLF sequences in HTTP headers. A successful exploit of this vulnerability may lead to a loss of integrity...
CRLF injection
AMI SPx contains a vulnerability in the BMC where an attacker may cause an improper neutralization of CRLF sequences in HTTP headers. A successful exploit of this vulnerability may lead to a loss of integrity...
WordPress HTTP Headers Plugin < 1.18.11 is vulnerable to Remote Code Execution (RCE)
Software: HTTP Headers; Type: Plugin; Vulnerable versions: < 1.18.11; Fixed in: 1.18.11; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-1208; Patch priority: Low; CVSS severity: Low (7.2); PSID: d18b01c455ff; Credits: qerogramat Kakao Style Corp. Required...
Apache Tomcat 9.0.74 Information Disclosure
The version of Apache Tomcat installed on the remote host is 8.5.88, 9.0.74, 10.1.8 or 11.0.0-M5. The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SENDHEADERS message would be sent which i...