484 matches found
CVE-2018-6908
An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by...
CVE-2018-16307
An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name containing a random string is used...
Design/Logic Flaw
An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name containing a random string is used...
CVE-2017-14445
An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to...
CVE-2018-11013
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 CN routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header...
Stack overflow
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 CN routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header...
Cross site scripting
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows an attacker to inject arbitrary web script or HTML via a maliciously crafted "Host" header in user HTTP requests...
CVE-2017-14523
WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack...
CVE-2017-14523
WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection that allows host header manipulation to redirect pages. The CVE entry notes exploitation is unlikely because the attack would originate from a local machine or an administrator (self-attack). Public exploit references (Exploit-DB/Pack...
Inflection: HTTP Host Header Injection on app.goodhire.com
Researcher reported an issue that was previously reported by a different researcher and subsequently removed from program scope and then requested that we publicly disclose the report after closing it as a duplicate...
GSA Bounty: Subdomain take-over of {REDACTED}.18f.gov
@jackds discovered a number of related subdomain takeover attacks against some subdomains of 18f.gov. Technically, these domains are out of scope for our Vulnerability Disclosure Policy. We want to remind hackers to please limit their testing to domains explicitly listed in that scope which is...
CVE-2017-10973
In FineCMS before 2017-07-06, application/lib/ajax/getimagedata.php has SSRF, related to requests for non-image files with a modified HTTP Host header...
Server side request forgery (ssrf)
In FineCMS before 2017-07-06, application/lib/ajax/getimagedata.php has SSRF, related to requests for non-image files with a modified HTTP Host header...
CVE-2017-10973
FineCMS before 2017-07-06 is affected by a server-side request forgery (SSRF) in application/lib/ajax/get_image_data.php, related to processing requests for non-image files with a modified HTTP Host header. Root cause appears to be improper handling of user-controlled Host header leading to unint...
CVE-2016-10073
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request...
Design/Logic Flaw
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request...
CVE-2016-10073
Vanilla Forums
MODX Revolution Cross-Site Scripting Vulnerability (CNVD-2017-07467)
MODX Revolution is a PHP-based open source content management system (CMS) from the U.S. company MODX. The system supports online collaboration, search engine optimization (SEO), add-ons and more. A cross-site scripting vulnerability exists in versions of MODX Revolution prior to 2.5.7. A remote...