CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

Golang 1.4.3 CVE Fixes | Cloud Foundry

Golang 1.4.3 CVE Fixes Low Vendor Google Versions Affected Golang v1.4.2 and lower Description Several security issues were fixed in Go’s net / http package. The CVE issue descriptions and fixes are linked below: CVE-2015-5739 – ‘Content Length’ treated as valid header:...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary web script or HTML via the 1 conntrack.cgi, 2 index.cgi, 3 logsyslog.cgi, 4 problems.cgi, 5...

CMS from Scratch <= 1.9.1 (fckeditor) Remote File Upload Exploit

Exploit for unknown platform in category web applications ================================================================ CMS from Scratch = 1.9.1 fckeditor Remote File Upload Exploit ================================================================ !/usr/bin/perl...