484 matches found
CVE-2021-38751
An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM...
CVE-2021-38751
CVE-2021-38751 describes a host header injection in ExponentCMS 2.6 and earlier, exploitable via the file /exponent_constants.php. A crafted HTTP Host header can cause links on the page to be rewritten to arbitrary values, creating a potential MITM attack vector. The publicly referenced sources (...
CVE-2021-36371
Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate...
Design/Logic Flaw
Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate...
CVE-2021-36371
CVE-2021-36371 is reported for Emissary-Ingress (formerly Ambassador API Gateway). The vulnerability allows bypassing client certificate requirements (mTLS cert_required) on backend upstreams when more than one TLSContext exists and any configuration does not require client cert authentication. T...
Machform HTTP Host Header Injection Vulnerability
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. An HTTP host header injection vulnerability exists in versions prior to Machform 16. The vulnerability stems from improper validation of the host header. An attack...
CVE-2021-20101
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content...
Design/Logic Flaw
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content...
CVE-2021-20101
Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content...
Trojan-Dropper.Win32.Googite.a Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/ff30fbee3724d80dcb9471c0b553c99a.txt Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Googite.a Vulnerability: Unauthenticated Open Proxy Description: Googite malwar...
Design/Logic Flaw
Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS...
CVE-2021-31702
Frontier ichris versions up to 5.18 are affected by a vulnerability where the application mishandles DNS requests for the hostname supplied in the HTTP Host header, potentially enabling a DoS condition as demonstrated by sending 127.0.0.1 repeatedly. The issue stems from how the DNS request is fo...
CVE-2021-31702
Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS...
CVE-2021-25179
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header...
Cross site scripting
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header...
CVE-2021-25179
SolarWinds Serv-U File Server vulnerable to Cross Site Scripting (XSS) via the HTTP Host header in versions before 15.2. The root cause is XSS arising from host header handling. Impact is content integrity/defacement risk on affected deployments; no exploitation details are provided. Remediation:...
CVE-2021-25179
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header...
GHSA-QR9H-VR5P-PWWX Denial of Service (DoS) in restify-paginate
The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception...
Denial of Service (DoS) in restify-paginate
The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception...
Denial Of Service (DoS)
restify-paginate is vulnerable to denial of service. An attacker is able to crash the application by omitting the HTTP Host header in the HTTP request...