Tenable Nessus
added 2023/06/23 12:00 a.m., 28 views

F5 Networks BIG-IP : Grub2 vulnerability (K000130541)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000130541 advisory. - grub2: Out-of-bound write when handling split HTTP headers CVE-2022-28734 Note that Nessus has not tested for this...

AI score 8.5 | EPSS 0.01131 | Exploits 0 | References 2

Github Security Blog
added 2023/06/21 12:30 p.m., 47 views

Apache Tomcat vulnerable to information leak

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response heade...

CVSS 7.5 | AI score 7.3 | EPSS 0.00898 | Exploits 0 | References 14 | Affected Software 2

NVD
added 2023/06/21 11:15 a.m., 15 views

CVE-2023-34981

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response heade...

CVSS 7.5 | AI score 8.4 | EPSS 0.00898 | Exploits 0 | References 2

Tenable Nessus
added 2023/06/21 12:00 a.m., 27 views

Apache Tomcat 11.0.0-M1 < 11.0.0-M6

The version of Tomcat installed on the remote host is prior to 11.0.0-M6. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat11.0.0-m6security-11 advisory. - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, ...

CVSS 7.5 | AI score 7.5 | EPSS 0.00898 | Exploits 0 | References 5

wpexploit
added 2023/06/19 12:00 a.m., 158 views

HTTP Headers < 1.18.11 - Admin+ Remote Code Execution

This plugin allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability. --- " and Password as any value. 4. Navigate to Settings HTTP Headers Advanced settings and set the "Location of .hh-htpasswd" field to its previous value this is only required on...

CVSS 7.2 | AI score 9.6 | EPSS 0.0132 | Exploits 2

WPVulnDB
added 2023/06/19 12:00 a.m., 17 views

HTTP Headers < 1.18.11 - Admin+ Remote Code Execution

This plugin allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability. PoC --- HTTP Headers Advanced settings and set the "Location of .hh-htpasswd" field to its previous value this is only required on Apache-based servers in order to reset a rule in...

CVSS 7.2 | AI score 9.3 | EPSS 0.0132 | Exploits 2 | Affected Software 1

Tenable Nessus
added 2023/06/09 12:00 a.m., 14 views

Chrome Logger Information Disclosure

Chrome Logger is a Google Chrome extension used to debug server side applications in the Chrome console. By installing the extension in their Chrome browser and a server-side library on their application, developers can retrieve the configured debug information directly in Chrome. As Chrome Logge...

AI score 6.7 | Exploits 0 | References 1

NVD
added 2023/06/07 10:15 a.m., 18 views

CVE-2023-3140

Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...

CVSS 4.3 | AI score 4.6 | EPSS 0.00402 | Exploits 0 | References 1

Prion
added 2023/06/07 10:15 a.m., 14 views

Design/Logic Flaw

Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...

CVSS 4.3 | AI score 4.7 | EPSS 0.00402 | Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2023/06/07 9:15 a.m., 11 views

CVE-2023-3140 KNIME Hub Web Application is vulnerable to clickjacking

Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...

CVSS 4.3 | AI score 4.6 | EPSS 0.00402 | Exploits 0 | References 1

Cvelist
added 2023/06/07 9:15 a.m., 18 views

CVE-2023-3140 KNIME Hub Web Application is vulnerable to clickjacking

Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...

CVSS 4.3 | AI score 4.9 | EPSS 0.00402 | Exploits 0 | References 1

CVE
added 2023/06/07 9:15 a.m., 42 views

CVE-2023-3140

CVE-2023-3140 affects KNIME Business Hub prior to 1.4.0. The root cause is a missing HTTP security header set (X-Frame-Options and Content-Security-Policy), enabling clickjacking where an attacker can embed the app in a malicious page and trick users into actions on the original site. Impact deta...

CVSS 4.3 | AI score 4.6 | EPSS 0.00402 | Exploits 0 | References 1 | Affected Software 1

BDU FSTEC
added 2023/06/07 12:00 a.m., 2 views

The vulnerability of the ABB eSOMS software for managing production processes allows a hacker to gain unauthorized access to protected information.

The vulnerability of the ABB eSOMS production process management software is related to errors in the Cache-Control and Pragma headers of HTTP responses. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 6.5 | AI score 6.5 | EPSS 0.01052 | Exploits 0 | References 3 | Affected Software 1

Apache Tomcat
added 2023/05/19 12:00 a.m., 41 views

Fixed in Apache Tomcat 10.1.9

Important: Information disclosure CVE-2023-34981. The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SEND_HEADERS message would be sent, which in turn meant that at least one AJP based proxy...

CVSS 7.5 | AI score 7.3 | EPSS 0.00898 | Exploits 0 | Affected Software 1

Tenable Nessus
added 2023/05/18 12:00 a.m., 30 views

EulerOS 2.0 SP10 : haproxy (EulerOS-SA-2023-1954)

According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka 'request...

CVSS 9.1 | AI score 7.5 | EPSS 0.05493 | Exploits 0 | References 2

OSV
added 2023/05/15 1:15 p.m., 3 views

CVE-2023-1207

This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...

CVSS 7.2 | AI score 7.3 | EPSS 0.00885 | Exploits 2 | References 1

Prion
added 2023/05/15 1:15 p.m., 14 views

Sql injection

This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...

CVSS 5.8 | AI score 7.4 | EPSS 0.00885 | Exploits 2 | References 1 | Affected Software 1

Cvelist
added 2023/05/15 12:15 p.m., 15 views

CVE-2023-1207 HTTP Headers < 1.18.8 - Admin+ SQL Injection

This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...

AI score 7.7 | EPSS 0.00885 | Exploits 2 | References 1

CVE
added 2023/05/15 12:15 p.m., 63 views

CVE-2023-1207

CVE-2023-1207 affects the HTTP Headers WordPress plugin, prior to version 1.18.8. The import feature can execute arbitrary SQL on the server, causing an SQL Injection vulnerability. Public sources (NVD/Red Hat/Patchstack) confirm the issue and indicate a patch: update to 1.18.8 or later to mitiga...

CVSS 7.2 | AI score 7.5 | EPSS 0.00885 | Exploits 2 | References 1 | Affected Software 1

Vulnrichment
added 2023/05/15 12:15 p.m., 10 views

CVE-2023-1207 HTTP Headers < 1.18.8 - Admin+ SQL Injection

This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...

AI score 8.3 | EPSS 0.00885 | Exploits 2 | References 1