2478 matches found

WPVulnDB
added 2023/06/19 12:00 a.m. · 17 views

HTTP Headers < 1.18.11 - Admin+ Remote Code Execution

This plugin allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability. PoC --- HTTP Headers Advanced settings and set the "Location of .hh-htpasswd" field to its previous value; this is only required on Apache-based servers in order to reset a rule in...

CVSS 7.2 · AI score 9.3 · EPSS 0.03722
Exploits 2 · Affected Software 1
Tenable Nessus
added 2023/06/09 12:00 a.m. · 14 views

Chrome Logger Information Disclosure

Chrome Logger is a Google Chrome extension used to debug server-side applications in the Chrome console. By installing the extension in their Chrome browser and a server-side library on their application, developers can retrieve the configured debug information directly in Chrome. As Chrome Logge...

AI score 6.7
Exploits 0 · References 1
NVD
added 2023/06/07 10:15 a.m. · 13 views

CVE-2023-3140

Missing HTTP headers X-Frame-Options and Content-Security-Policy in KNIME Business Hub before 1.4.0 have left users vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...

CVSS 4.3 · AI score 4.6 · EPSS 0.00309
Exploits 0 · References 1
Prion
added 2023/06/07 10:15 a.m. · 13 views

Design/Logic Flaw

Missing HTTP headers X-Frame-Options and Content-Security-Policy in KNIME Business Hub before 1.4.0 have left users vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...

CVSS 4.3 · AI score 4.7 · EPSS 0.00309
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/06/07 9:15 a.m. · 11 views

CVE-2023-3140 KNIME Hub Web Application is vulnerable to clickjacking

Missing HTTP headers X-Frame-Options and Content-Security-Policy in KNIME Business Hub before 1.4.0 have left users vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...

CVSS 4.3 · AI score 4.9 · EPSS 0.00309
Exploits 0 · References 1
CVE
added 2023/06/07 9:15 a.m. · 41 views

CVE-2023-3140

CVE-2023-3140 affects KNIME Business Hub prior to 1.4.0. The root cause is a missing HTTP security header set (X-Frame-Options and Content-Security-Policy), enabling clickjacking, where an attacker can embed the app in a malicious page and trick users into actions on the original site. Impact deta...

CVSS 4.3 · AI score 4.6 · EPSS 0.00309
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/06/07 9:15 a.m. · 11 views

CVE-2023-3140 KNIME Hub Web Application is vulnerable to clickjacking

Missing HTTP headers X-Frame-Options and Content-Security-Policy in KNIME Business Hub before 1.4.0 have left users vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...

CVSS 4.3 · AI score 4.6 · EPSS 0.00309
Exploits 0 · References 1
BDU FSTEC
added 2023/06/07 12:00 a.m. · 2 views

A vulnerability in the ABB eSOMS production process management software allows an attacker to gain unauthorized access to protected information.

The vulnerability in the ABB eSOMS production process management software is related to errors in the Cache-Control and Pragma headers of HTTP responses. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 6.5 · AI score 6.5 · EPSS 0.00211
Exploits 0 · References 3 · Affected Software 1
Apache Tomcat
added 2023/05/19 12:00 a.m. · 40 views

Fixed in Apache Tomcat 10.1.9

Important: Information disclosure CVE-2023-34981. The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SEND_HEADERS message would be sent, which in turn meant that at least one AJP-based proxy...

CVSS 7.5 · AI score 7.3 · EPSS 0.00275
Exploits 0 · Affected Software 1
Tenable Nessus
added 2023/05/18 12:00 a.m. · 30 views

EulerOS 2.0 SP10 : haproxy (EulerOS-SA-2023-1954)

According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka 'request...

CVSS 9.1 · AI score 7.5 · EPSS 0.17535
Exploits 0 · References 2
OSV
added 2023/05/15 1:15 p.m. · 3 views

CVE-2023-1207

The HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...

CVSS 7.2 · AI score 7.3 · EPSS 0.00587
Exploits 2 · References 1
Prion
added 2023/05/15 1:15 p.m. · 13 views

SQL injection

The HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...

CVSS 5.8 · AI score 7.4 · EPSS 0.00587
Exploits 2 · References 1 · Affected Software 1
CVE
added 2023/05/15 12:15 p.m. · 62 views

CVE-2023-1207

CVE-2023-1207 affects the HTTP Headers WordPress plugin prior to version 1.18.8. The import feature can execute arbitrary SQL on the server, causing an SQL Injection vulnerability. Public sources (NVD/Red Hat/Patchstack) confirm the issue and indicate a patch: update to 1.18.8 or later to mitiga...

CVSS 7.2 · AI score 7.5 · EPSS 0.00587
Exploits 2 · References 1 · Affected Software 1
Vulnrichment
added 2023/05/15 12:15 p.m. · 10 views

CVE-2023-1207 HTTP Headers < 1.18.8 - Admin+ SQL Injection

The HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...

AI score 8.3 · EPSS 0.00587
Exploits 2 · References 1
Cvelist
added 2023/05/15 12:15 p.m. · 12 views

CVE-2023-1207 HTTP Headers < 1.18.8 - Admin+ SQL Injection

The HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...

AI score 7.7 · EPSS 0.00587
Exploits 2 · References 1
CNNVD
added 2023/05/15 12:00 a.m. · 4 views

WordPress plugin HTTP Headers SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; the platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

CVSS 7.2 · AI score 8.1 · EPSS 0.00587
Exploits 2 · References 2
Tenable Nessus
added 2023/05/13 12:00 a.m. · 30 views

EulerOS 2.0 SP9 : haproxy (EulerOS-SA-2023-1845)

According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka 'request...

CVSS 9.1 · AI score 7.5 · EPSS 0.17535
Exploits 0 · References 2
Apache Tomcat
added 2023/05/10 12:00 a.m. · 37 views

Fixed in Apache Tomcat 9.0.75

Important: Information disclosure CVE-2023-34981. The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SEND_HEADERS message would be sent, which in turn meant that at least one AJP-based proxy...

CVSS 7.5 · AI score 7.3 · EPSS 0.00275
Exploits 0 · Affected Software 1
F5 Networks
added 2023/05/08 3:03 p.m. · 36 views

K000133759: Python vulnerability CVE-2020-26116

Security Advisory Description: http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of...

CVSS 7.2 · AI score 7.2 · EPSS 0.00903
Exploits 1 · Affected Software 4
Tenable Nessus
added 2023/05/06 12:00 a.m. · 28 views

EulerOS Virtualization 3.0.2.0 : grub2 (EulerOS-SA-2023-1722)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to...

CVSS 8.1 · AI score 7.2 · EPSS 0.00151
Exploits 0 · References 5