Lucene search

16589 matches found

Debian CVE
added 2024/09/22 12:00 a.m. · 13 views

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.5 AI score · 0.00395 EPSS
Exploits 0
CVE
added 2024/09/22 12:00 a.m. · 369 views

CVE-2024-47220

The CVE-2024-47220 issue affects the WEBrick toolkit in Ruby (through 1.8.1). It enables HTTP request smuggling by sending both Content-Length and Transfer-Encoding in the same request, e.g., a crafted GET line embedded in a POST request. The advisory notes WEBrick should not be used in productio...

7.2 AI score · 0.00395 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/09/21 12:00 a.m. · 4 views

PT-2024-32484 · Ruby +4 · Webrick +4

Name of the Vulnerable Software and Affected Versions: WEBrick toolkit versions through 1.8.1. Description: An issue was discovered in the WEBrick toolkit for Ruby, allowing HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header. This can be achieved, for...

8.7 CVSS · 6.7 AI score · 0.01429 EPSS
Exploits 0 · References 72
IBM Security Bulletins
added 2024/09/20 9:20 p.m. · 31 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in urllib3-1.26.18-py2.py3-none-any.whl

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of urllib3-1.26.18-py2.py3-none-any.whl. Vulnerability Details: CVEID: CVE-2024-37891. DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip...

6.5 CVSS · 4.9 AI score · 0.01141 EPSS
Exploits 1 · Affected Software 1
AlpineLinux
added 2024/09/19 10:51 p.m. · 14 views

CVE-2024-45410

Traefik is a golang, Cloud Native Application Proxy. When an HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For an HTTP client, it should not be possible to remove or modif...

9.8 CVSS · 8.6 AI score · 0.01513 EPSS
Exploits 0
NVD
added 2024/09/19 5:15 p.m. · 17 views

CVE-2024-8651

A vulnerability in NetCat CMS allows an attacker to send a specially crafted HTTP request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...

6.9 CVSS · 0.00427 EPSS
Exploits 0 · References 1
CVE
added 2024/09/19 4:30 p.m. · 44 views

CVE-2024-8651

CVE-2024-8651 — NetCat CMS: user enumeration involves a vulnerability where an attacker can send a specially crafted HTTP request to check whether a user exists in the system. Affected are NetCat CMS versions around 6.4.0.24126.2 up to 6.4.0.24247, with a patch available starting from 6.4.0.24248...

6.9 CVSS · 5.3 AI score · 0.00427 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/09/19 4:30 p.m. · 24 views

CVE-2024-8651 Netcat CMS: user enumeration

A vulnerability in NetCat CMS allows an attacker to send a specially crafted HTTP request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...

6.9 CVSS · 0.00427 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/09/19 4:30 p.m. · 25 views

CVE-2024-8651 Netcat CMS: user enumeration

A vulnerability in NetCat CMS allows an attacker to send a specially crafted HTTP request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...

6.9 CVSS · 7.1 AI score · 0.00427 EPSS
Exploits 0 · References 1
ICS
added 2024/09/19 6:00 a.m. · 14 views

MegaSys Computer Technologies Telenium Online Web Application (Update A)

1. EXECUTIVE SUMMARY: CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: MegaSys Computer Technologies. Equipment: Telenium Online Web Application. Vulnerability: Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of this vulnerability could...

9.8 CVSS · 7.6 AI score · 0.00895 EPSS
Exploits 0 · References 10
CNNVD
added 2024/09/19 12:00 a.m. · 3 views

NetCat CMS security vulnerability

NetCat CMS is a content management system from NetCat, Inc. A security vulnerability exists in NetCat CMS prior to version 6.4.0.24248. An attacker exploiting this vulnerability could send a specially crafted HTTP request to check for the presence of a user on the system...

6.9 CVSS · 6.6 AI score · 0.00427 EPSS
Exploits 0 · References 2
IBM Security Bulletins
added 2024/09/18 4:17 p.m. · 20 views

Security Bulletin: Vulnerabilities in GoLang Go and Kubernetes affect IBM watsonx.data

Summary: Kubernetes vulnerabilities could allow a local authenticated attacker to obtain sensitive information and could allow a denial of service attack. GoLang Go could allow denial of service attacks, HTTP request smuggling, HTML injections, local attacks to execute arbitrary code, and...

9.8 CVSS · 9.3 AI score · 0.04561 EPSS
Exploits 0 · Affected Software 1
Github Security Blog
added 2024/09/17 9:58 p.m. · 173 views

Next.js Cache Poisoning

Impact: By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router; this does not affect the app router. When this crafted request is sent, it could coerce Next.js to cache a route that is meant to not be cached and send a...

7.5 CVSS · 6.7 AI score · 0.58768 EPSS
Exploits 3 · References 5 · Affected Software 1
Vulnrichment
added 2024/09/17 9:55 p.m. · 47 views

CVE-2024-46982 Cache Poisoning in next.js

Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router; this does not affect the app router. When this crafted request is sent, it could coerce Next....

7.5 CVSS · 7.5 AI score · 0.58768 EPSS
Exploits 3 · References 3
Cvelist
added 2024/09/17 9:55 p.m. · 47 views

CVE-2024-46982 Cache Poisoning in next.js

Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router; this does not affect the app router. When this crafted request is sent, it could coerce Next....

7.5 CVSS · 0.58768 EPSS
Exploits 3 · References 3
CVE
added 2024/09/17 9:55 p.m. · 565 views

CVE-2024-46982

CVE-2024-46982 affects Next.js pages router SSR caching: crafted requests can poison non-dynamic SSR routes (e.g., pages/dashboard.tsx) and lead to caching of sensitive responses with Cache-Control: s-maxage=1, stale-while-revalidate, potentially spreading via upstream CDNs. Affected versions are...

7.5 CVSS · 7.3 AI score · 0.58768 EPSS
Exploits 3 · References 3 · Affected Software 1
OSV
added 2024/09/17 9:55 p.m. · 26 views

CVE-2024-46982 Cache Poisoning in next.js

Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router; this does not affect the app router. When this crafted request is sent, it could coerce Next....

7.5 CVSS · 6.3 AI score · 0.58768 EPSS
Exploits 3 · References 5
Tenable Nessus
added 2024/09/17 12:00 a.m. · 25 views

Fortinet FortiAnalyzer Authorization Bypass (FG-IR-23-204)

The remote host is running a version of FortiAnalyzer that is 6.2.x, 6.4.x, 7.0.x, 7.2.x through 7.2.4, or 7.4.x through 7.4.1. It is, therefore, affected by an authorization bypass through user-controlled key (CWE-639) vulnerability that may allow a remote attacker with low privilege...

6.5 CVSS · 5.6 AI score · 0.00529 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/09/17 12:00 a.m. · 19 views

Fortinet FortiManager Authorization Bypass (FG-IR-23-204)

The remote host is running a version of FortiManager that is 6.2.x, 6.4.x, 7.0.x, 7.2.x through 7.2.4, or 7.4.x through 7.4.1. It is, therefore, affected by an authorization bypass through user-controlled key (CWE-639) vulnerability that may allow a remote attacker with low privileges ...

5.5 CVSS · 5.5 AI score · 0.00264 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/09/16 12:00 a.m. · 20 views

Sony Network Cameras OS Command Injection (CVE-2018-3937)

An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this...

9.1 CVSS · 8.1 AI score · 0.09617 EPSS
Exploits 2 · References 2