56 matches found
XSS @ Stop Words
Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept: Code 1: $ajaxAction = Filter::filterInput(INPUT_GET, 'ajaxaction', FILTER_UNSAFE_RAW); $instanceId =...
GHSA-5GG7-5WV8-4GCJ Undertow Request Smuggling vulnerability
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes HTTP request headers with unusual whitespace, which can cause possible HTTP request smuggling...
CVE-2021-20844
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive...
Input validation
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive...
Bosch IP cameras input validation error vulnerability
Bosch IP cameras are web cameras from Bosch, a German company. Bosch IP cameras are vulnerable to an input validation error that could be exploited by an attacker to inject arbitrary HTTP request headers via a crafted URL...
CVE-2020-4828
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842...
Input validation
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842...
CVE-2020-4896
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987...
Input validation
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987...
CVE-2020-4896
CVE-2020-4896 affects IBM Emptoris Sourcing versions 10.1.0.x, 10.1.1.x, and 10.1.3.x. The root cause is improper input validation that allows manipulating HTTP request headers to perform a web cache poisoning attack. Public references (NVD, CNVD, and IBM bulletin) confirm the vulnerability and a...
CVE-2020-8201
A flaw was found in Node.js, where affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This flaw leads to HTTP Request Smuggling as it is a non-standard interpretation of the header. The highest threat from this vulnerability is to...
CVE-2020-14500
The discovered bug occurs due to improper handling of some of the HTTP request headers provided by the client. This could allow an attacker to remotely exploit GateManager to achieve remote code execution without any authentication required. If carried out successfully, such an attack could resul...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
CVE-2020-5902 F5 BIG-IP devices Summary: A Zeek detec...
Cisco Web Security Appliance (WSA) GUI Denial of Service Vulnerability
According to its self-reported version, the Cisco Web Security Appliance is affected by a Denial of Service vulnerability. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTTP request to an...
Input validation
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device,...
Ubuntu 16.04 LTS / 18.04 LTS : Squid vulnerabilities (USN-4213-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4213-1 advisory. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use thi...
Microsoft Edge Fetch API Arbitrary Header Setting Vulnerability
Exploit for Windows platform in category remote exploits. Microsoft Edge Fetch API allows setting of arbitrary request headers. Yorick Koster, January 20...
Microsoft Edge Fetch API Arbitrary Header Setting
Microsoft Edge Fetch API allows setting of arbitrary request headers. Yorick Koster, January 2017...
(0Day) Wavelink Emulation ConnectPro TermProxy WLTermProxyService.exe HTTP Request Headers Remote Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wavelink Emulation ConnectPro TermProxy. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of HTTP requests in WLTermProxyService.exe listening by...