484 matches found
CVE-2018-13257
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service CAS service ticket validation, enabling a phishing attack from the CAS server login page...
Design/Logic Flaw
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service CAS service ticket validation, enabling a phishing attack from the CAS server login page...
CVE-2018-13257
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service CAS service ticket validation, enabling a phishing attack from the CAS server login page...
CVE-2018-13257
The CVE-2018-13257 vulnerability affects Blackboard Learn (2018-07-02) in the bb-auth-provider-cas authentication module. The issue is HTTP host header spoofing during CAS service ticket validation, enabling a phishing attack from the CAS server login page. Connected records consistently describe...
CVE-2008-6171
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header...
HTTP Host Information via NTLM SSP over HTTP(S)
Binary data httpntlminfo.nbin...
YzmCMS HTTP Host Header Injection Vulnerability
YzmCMS is a lightweight open source content management system based on PHP+Mysql architecture developed by Yuan Zhimeng alone. YzmCMS 5.3 HTTP host header injection vulnerability. Attackers can use this vulnerability to Web cache poisoning or trigger redirection...
CVE-2019-16532
An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections...
CVE-2018-1943
IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker t...
Cross site scripting
IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker t...
CVE-2018-1943
IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker t...
PHPMyWind Cross-Site Scripting Vulnerability (CNVD-2019-35826)
PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A cross-site scripting vulnerability exists in the admin/default.php file in PHPMyWind v5.5, which can be exploited by a remote attacker to inject arbitrary Web script or HTML with the help of HTTP...
Design/Logic Flaw
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header...
CVE-2019-8435
CVE-2019-8435 affects PHPMyWind v5.5, with an XSS vulnerability in admin/default.php exploitable via an HTTP Host header. The connected documents confirm the vulnerability and describe the impact as cross-site scripting, enabling arbitrary script/HTML injection when a crafted Host header is proce...
CVE-2019-8435
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header...
Roxy Fileman 1.4.5 Arbitrary File Download
Exploit Title: Roxy Fileman 1.4.5 - Arbitrary File Download Dork: N/A Date: 2019-01-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-php Version: 1.4.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
CVE-2018-2504
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting XSS vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...
Cross site scripting
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting XSS vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...
Authentication flaw
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header...
Authentication flaw
An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by...