18 matches found
EUVD-2003-1410
Malware in sbrugna...
EUVD-2019-9419
Malware in sbrugna...
EUVD-2004-0455
Malware in sbrugna...
EUVD-2015-7808
Malware in sbrugna...
EUVD-2024-0201
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-42353
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing th...
Medium: python-webob
Issue Overview: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treat...
Mageia: Security Advisory (MGASA-2024-0308)
The remote host is missing an update for the...
CVE-2019-19821
A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTop packages...
Authentication flaw
A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTop packages...
CVE-2019-19821
CVE-2019-19821 affects the Combodo iTop web application. A post-authentication privilege escalation allows regular authenticated users to access and modify information with administrative privileges due to improper handling of the HTTP Location header in server responses. Mitigation per sources is to...
CVE-2015-7910
Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body...
CVE-2003-1420
Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header...
CVE-2004-0456
Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header...
CVE-2004-0456
Removed by vendor...
Pavuk HTTP Location header overflow
When pavuk sends a request to a web server and the server sends back the HTTP status code 305 Use Proxy, pavuk copies data from the HTTP Location header in an unsafe manner. This leads to a stack-based buffer overflow with control over EIP...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Location header
Overview: A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS). This vulnerability could allow an unauthenticated remote attacker to cause a denial of service or execute arbitrary code on the system...