484 matches found
Prion · added 2022/11/30 11:15 p.m. · 17 views

Cross site scripting

Digital Alert Systems' DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, the username field of the login page, or the HTTP Host header. The injected content is stored in...

CVSS 4.9 · AI score 5.3 · EPSS 0.00438 · Exploits 0 · References 1 · Affected Software 5
Vulnrichment · added 2022/11/30 10:58 p.m. · 7 views

CVE-2019-18265

Digital Alert Systems' DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, the username field of the login page, or the HTTP Host header. The injected content is stored in...

CVSS 4.7 · AI score 5.3 · EPSS 0.00438 · Exploits 0 · References 1
CVE · added 2022/11/30 10:58 p.m. · 62 views

CVE-2019-18265

Digital Alert Systems' DASDEC software prior to version 4.1 is affected by CVE-2019-18265, an XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the login page's SSH username field or the HTTP Host header. The injected content is stored in logs and rendered ...

CVSS 5.4 · AI score 5.2 · EPSS 0.00438 · Exploits 0 · References 1 · Affected Software 1
Positive Technologies · added 2022/11/30 12:00 a.m. · 6 views

PT-2022-8170 · Digital Alert Systems · Dasdec

Name of the Vulnerable Software and Affected Versions: Digital Alert Systems' DASDEC software versions prior to 4.1
Description: The issue allows remote attackers to inject arbitrary web script or HTML via the SSH username, the username field of the login page, or the HTTP Host header. The inject...

CVSS 5.4 · AI score 5.3 · EPSS 0.00438 · Exploits 0 · References 4
CNNVD · added 2022/11/23 12:00 a.m. · 27 views

Digital Alert Systems DASDEC EAS cross-site scripting vulnerability

Digital Alert Systems DASDEC EAS is a digital alert system from Digital Alert Systems, Inc. Digital Alert Systems DASDEC EAS suffers from a cross-site scripting vulnerability that can be exploited by a remote attacker to inject arbitrary web script or HTML code via the username field of the login...

CVSS 5.4 · AI score 5.8 · EPSS 0.00438 · Exploits 0 · References 3
Rapid7 Blog · added 2022/10/12 6:05 p.m. · 109 views

[Security Nation] James Kettle of PortSwigger on Advancing Web-Attack Research

In this episode of Security Nation, Jen and Tod talk to James Kettle of PortSwigger. Their discussion includes research for new web-attack technique...

AI score 9.9 · EPSS 0.99984 · Exploits 25
Cvelist · added 2022/09/05 12:00 a.m. · 35 views

CVE-2022-31814

pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...

AI score 10 · EPSS 0.86446 · Exploits 14 · References 6
Vulnrichment · added 2022/08/01 4:15 p.m. · 11 views

CVE-2022-31109 HTTP Host Header Attack Vulnerability in laminas-diactoros

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

CVSS 7.2 · AI score 6.8 · EPSS 0.00594 · Exploits 0 · References 3
Cvelist · added 2022/08/01 4:15 p.m. · 33 views

CVE-2022-31109 HTTP Host Header Attack Vulnerability in laminas-diactoros

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

CVSS 7.2 · AI score 6.9 · EPSS 0.00594 · Exploits 0 · References 3
OSV · added 2022/07/29 10:26 p.m. · 25 views

GHSA-C8RP-CGF4-937W mezzio-swoole Applications Using Diactoros Vulnerable to HTTP Host Header Attack

Impact: mezzio-swoole applications using Diactoros for their PSR-7 implementation, and which are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request...

AI score 6.2 · Exploits 0 · References 2
Github Security Blog · added 2022/07/29 10:26 p.m. · 24 views

mezzio-swoole Applications Using Diactoros Vulnerable to HTTP Host Header Attack

Impact: mezzio-swoole applications using Diactoros for their PSR-7 implementation, and which are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request...

AI score 2.2 · Exploits 0 · References 2 · Affected Software 1
OSV · added 2022/07/27 10:05 p.m. · 23 views

GHSA-8274-H5JP-97VR Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack

Impact: Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from X-Forwarded-...

CVSS 6.1 · AI score 6.3 · EPSS 0.00594 · Exploits 0 · References 8
Github Security Blog · added 2022/07/27 10:05 p.m. · 27 views

Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack

Impact: Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from X-Forwarded-...

CVSS 7.2 · AI score 5.9 · EPSS 0.00594 · Exploits 0 · References 7 · Affected Software 1
Laminas · added 2022/07/25 9:35 p.m. · 50 views

HTTP Host Header Attack Vulnerabilities

The package laminas/laminas-diactoros (Diactoros) is a PSR-7 HTTP Message and PSR-17 HTTP Message Factory implementation, providing HTTP request and response message representations both for making HTTP client requests and responding to HTTP requests server-side. When responding to an incoming...

AI score 6.3 · Exploits 0 · References 3 · Affected Software 2
Friends Of PHP · added 2022/07/25 7:29 p.m. · 28 views

Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack.

Description / Impact: Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from...

CVSS 5.8 · AI score 5.8 · EPSS 0.00594 · Exploits 0 · Affected Software 1
Friends Of PHP · added 2022/07/25 7:29 p.m. · 23 views

Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack.

Impact: Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from X-Forwarded-...

CVSS 7.2 · AI score 6.3 · EPSS 0.00594 · Exploits 0 · Affected Software 1
OSV · added 2022/05/17 2:43 a.m. · 5 views

GHSA-P2J4-VRGX-96QG MODX Revolution XSS via HTTP Host header

In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as cache poisoning...

CVSS 4.7 · AI score 4.5 · EPSS 0.00649 · Exploits 1 · References 4
Github Security Blog · added 2022/05/17 2:43 a.m. · 14 views

MODX Revolution XSS via HTTP Host header

In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as cache poisoning...

CVSS 4.7 · AI score 5.9 · EPSS 0.00649 · Exploits 1 · References 4 · Affected Software 1
Github Security Blog · added 2022/05/17 12:27 a.m. · 26 views

Django DNS Rebinding Vulnerability

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS...

CVSS 8.1 · AI score 7 · EPSS 0.06074 · Exploits 0 · References 13 · Affected Software 1
OSV · added 2022/05/14 3:49 a.m. · 22 views

GHSA-RM2J-X595-Q9CJ Django Vulnerable to Cache Poisoning

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...

CVSS 8.7 · AI score 6 · EPSS 0.02304 · Exploits 0 · References 12
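Every entry on this page shares one root cause: the application treated the Host header, or X-Forwarded-* headers supplied by an untrusted peer, as trustworthy, and the value then reached a log or template (DASDEC, MODX), an absolute URL or cache key (Django before 1.2.7, Diactoros), an ALLOWED_HOSTS decision (Django DNS rebinding), or a shell command (pfBlockerNG). The module below is an added example written for this page, not code from Django, Diactoros, pfSense or any other listed project; ALLOWED_HOSTS, TRUSTED_PROXIES, Request, effective_origin and absolute_url are hypothetical names chosen here, and the addresses and headers are constructed. It shows the three checks a practitioner wants in one place: strict Host parsing that rejects HTML and shell metacharacters, an ALLOWED_HOSTS-style allowlist in the sense the Django entries use, and honouring X-Forwarded-Host/Proto/Port only when the TCP peer is a trusted proxy, which is exactly the condition the Diactoros advisories describe.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed settings for this example (hypothetical names, not any framework's).
ALLOWED_HOSTS = ["example.com", ".api.example.com", "localhost"]
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# Host header grammar: a DNS name / IPv4 literal, or a bracketed IPv6 literal,
# with an optional :port. Anything outside this (whitespace, quotes, <, >, @, #,
# ;, |, $ and other shell or HTML metacharacters) is rejected before any use.
_HOST_RE = re.compile(
    r"^(?P<host>[a-z0-9.-]+|\[[0-9a-f:.]+\])(?::(?P<port>\d{1,5}))?$",
    re.IGNORECASE,
)


class DisallowedHost(ValueError):
    """Raised when a Host-derived value must not be trusted."""


def split_host(header: str) -> Tuple[str, Optional[int]]:
    """Parse 'host[:port]' strictly; raise DisallowedHost on anything malformed."""
    m = _HOST_RE.match(header.strip())
    if not m:
        raise DisallowedHost("malformed Host header: %r" % header)
    host = m.group("host").lower().rstrip(".")  # 'example.com.' == 'example.com'
    port = int(m.group("port")) if m.group("port") else None
    if port is not None and not 0 < port <= 65535:
        raise DisallowedHost("invalid port in Host header: %r" % header)
    return host, port


def host_allowed(host: str, allowed=ALLOWED_HOSTS) -> bool:
    """Allowlist match: exact name, or a leading '.' matches a domain and its subdomains."""
    for pattern in allowed:
        pattern = pattern.lower()
        if pattern.startswith("."):
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False


@dataclass
class Request:
    remote_addr: str          # TCP peer address as seen by the application server
    headers: Dict[str, str]   # constructed; real stacks use case-insensitive maps


def effective_origin(req: Request) -> Tuple[str, str, int]:
    """Return (scheme, host, port) safe to use for absolute URLs, redirects and logs.

    X-Forwarded-* is honoured only when the TCP peer is a trusted proxy; from any
    other peer those headers are attacker-controlled and ignored. The host chosen
    either way is then allowlisted, so a spoofed value never reaches a cache key,
    a template or a shell command.
    """
    hdr = {k.lower(): v for k, v in req.headers.items()}
    peer = ipaddress.ip_address(req.remote_addr)
    via_proxy = any(peer in net for net in TRUSTED_PROXIES)

    raw_host = hdr.get("host", "")
    scheme = "http"
    forwarded_port = None
    if via_proxy:
        # A proxy chain may append values; the first entry is the client-facing host.
        raw_host = hdr.get("x-forwarded-host", raw_host).split(",")[0]
        if hdr.get("x-forwarded-proto", "").strip().lower() == "https":
            scheme = "https"
        forwarded_port = hdr.get("x-forwarded-port")

    host, port = split_host(raw_host)
    if not host_allowed(host):
        raise DisallowedHost("host not in ALLOWED_HOSTS: %r" % host)

    if forwarded_port is not None:
        if not forwarded_port.isdigit() or not 0 < int(forwarded_port) <= 65535:
            raise DisallowedHost("invalid X-Forwarded-Port: %r" % forwarded_port)
        port = int(forwarded_port)
    if port is None:
        port = 443 if scheme == "https" else 80
    return scheme, host, port


def absolute_url(req: Request, path: str) -> str:
    """Build an absolute URL only from validated origin components."""
    scheme, host, port = effective_origin(req)
    default = 443 if scheme == "https" else 80
    authority = host if port == default else "%s:%d" % (host, port)
    return "%s://%s%s" % (scheme, authority, path)


def rejected(remote_addr: str, headers: Dict[str, str]) -> bool:
    """True if the request's claimed origin is refused."""
    try:
        effective_origin(Request(remote_addr, headers))
    except DisallowedHost:
        return True
    return False


if __name__ == "__main__":
    # Direct client: X-Forwarded-Host is ignored and Host is validated.
    direct = Request("203.0.113.7", {"Host": "example.com", "X-Forwarded-Host": "attacker.test"})
    print(absolute_url(direct, "/reset?token=abc"))
    # Trusted proxy: forwarded values are used, but still allowlisted.
    proxied = Request("10.1.2.3", {"Host": "internal:8080", "X-Forwarded-Host": "v2.api.example.com",
                                   "X-Forwarded-Proto": "https"})
    print(absolute_url(proxied, "/"))
    for bad in ("attacker.test", "example.com;id", "<script>alert(1)</script>"):
        print(bad, "rejected:", rejected("203.0.113.7", {"Host": bad}))
```

The order matters: parse first, allowlist second, and only then use the value. Rejecting at the parser catches the payload shapes behind the DASDEC, MODX and pfBlockerNG entries before a log line, template or shell ever sees them, and the allowlist catches an otherwise well-formed foreign name, which is what the Django and Diactoros entries turn on. The proxy check keys on the TCP peer address, not on any header, because headers are the thing being attacked.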