484 matches found
CVE-2020-27543
The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception...
Design/Logic Flaw
eramba through c2.8.1 allows HTTP Host header injection with, for example, resultant wkhtml2pdf PDF printing by authenticated users...
CVE-2020-28031
CVE-2020-28031 affects eramba up to version 2.8.1, where HTTP Host header injection is possible. The impact described is that authenticated users can leverage wkhtml2pdf to print PDFs due to this header manipulation. The provided connected sources confirm the vulnerability description but do not ...
CVE-2020-26161
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header...
Design/Logic Flaw
CVE-2020-10807
authsvc in Caldera before 2.6.5 allows authentication bypass for REST API requests via a forged "localhost" string in the HTTP Host header...
Authentication flaw
CVE-2020-10792
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header...
Design/Logic Flaw
CVE-2014-2050
Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header...
Cross-site request forgery (CSRF)
CVE-2019-17392
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...
Default credentials
httpd: mod_http2: possible crash on late upgrade
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...