93 matches found
CVE-2022-24775
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...
CVE-2022-24775
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...
CVE-2022-24775
CVE-2022-24775 affects guzzlehttp/psr7 (PHP PSR-7 HTTP message library). Affected versions before 1.8.4 and 2.1.1 are vulnerable to improper header parsing, allowing an attacker to inject newline characters into header names/values. The issue is patched in 1.8.4 and 2.1.1. A follow-up vulnerabili...
CVE-2022-24775 Improper Input Validation in guzzlehttp/psr7
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...
Apache MINA Denial of Service Vulnerability
Apache MINA is a web application framework from the Apache Foundation. A denial-of-service vulnerability exists in Apache MINA, which is caused by improper handling of HTTP message header requests in Apache MINA. An attacker could exploit this vulnerability to potentially cause an infinite loop i...
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) DecryptPasswd Stack-based Buffer Overflow
Binary data trendmicroiwsvacve-2020-28578.nbin...
CVE-2020-28578
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges...
Remote code execution
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges...
Remote code execution
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges...
Juniper Junos SRX Double Free ICAP Redirect DoS RCE (JSA11034)
According to its self-reported version, the Junos OS on the remote device is affected by a double free vulnerability. On Juniper Networks SRX Series with ICAP Internet Content Adaptation Protocol redirect service enabled, this double free vulnerability can lead to a Denial of Service DoS or Remot...
CVE-2020-1654
On Juniper Networks SRX Series with ICAP Internet Content Adaptation Protocol redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service DoS or Remote Code Execution RCE Continued processing of this malformed HTTP message may result in an extended Denial of...
CVE-2020-1654 Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution
On Juniper Networks SRX Series with ICAP Internet Content Adaptation Protocol redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service DoS or Remote Code Execution RCE Continued processing of this malformed HTTP message may result in an extended Denial of...
CVE-2020-1647 Junos OS: SRX Series: Double free vulnerability can lead to DoS or remote code execution due to the processing of a specific HTTP message when ICAP redirect service is enabled
On Juniper Networks SRX Series with ICAP Internet Content Adaptation Protocol redirect service enabled, a double free vulnerability can lead to a Denial of Service DoS or Remote Code Execution RCE due to processing of a specific HTTP message. Continued processing of this specific HTTP message may...
CVE-2019-16785
An HTTP-request vulnerability was discovered in Waitress which implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR."...
GHSA-PG36-WPM5-G57P HTTP Request Smuggling: LF vs CRLF handling in Waitress
Impact Waitress implemented a "MAY" part of the RFC7230 https://tools.ietf.org/html/rfc7230section-3.5 which states: Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR...
CVE-2019-16785 HTTP Request Smuggling: LF vs CRLF handling in Waitress
Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end serve...
CVE-2019-13927
A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 All firmware versions V6.00.320, Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules...
Siemens Desigo PX 6.00 Denial Of Service Exploit
!/bin/bash Siemens Desigo PX V6.00 Web Remote Denial of Service Exploit Vendor: Siemens AG Vendor web page: https://www.siemens.com Product web page: https://new.siemens.com/global/en/products/buildings/automation/desigo.html Affected version: Model: PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D...
[SECURITY] Fedora 27 Update: php-zendframework-zend-diactoros-1.8.4-1.fc27
A PHP package containing implementations of the accepted PSR-7 HTTP message interfaces 1, as well as a "server" implementation similar to node's http.Server 2. Documentation: https://zendframework.github.io/zend-diactoros/ Autoloader: /usr/share/php/Zend/Diactoros/autoload.php 1...
CVE-2018-6547
playsservice.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extractfiles...