Lucene search

16589 matches found

RedHat Linux, added 2024/08/26 11:05 a.m., 28 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.7 on RHEL 7 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 9.8, AI score 7.8, EPSS 0.87806
Exploits 17, References 25

NVD, added 2024/08/26 7:15 a.m., 38 views

CVE-2024-45256

An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py...

CVSS 9.8, EPSS 0.05635
Exploits 3, References 3

Cvelist, added 2024/08/26 12:00 a.m., 36 views

CVE-2024-45256

An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py...

EPSS 0.05635
Exploits 3, References 3

CVE, added 2024/08/26 12:00 a.m., 135 views

CVE-2024-45256

CVE-2024-45256 affects BYOB (Build Your Own Botnet) 2.0. The issue is an arbitrary file write in the exfiltration endpoint (file_add in api/files/routes.py) that lets unauthenticated attackers overwrite SQLite databases and bypass authentication via a crafted HTTP parameter. Several sources confi...

CVSS 9.8, AI score 7.6, EPSS 0.05635
Exploits 3, References 3

OSV, added 2024/08/23 6:15 p.m., 15 views

CVE-2024-7954

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

AI score 8
Exploits 0, References 3

UbuntuCve, added 2024/08/23 6:15 p.m., 16 views

CVE-2024-7954

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

CVSS 9.8, AI score 6.6, EPSS 0.89783
Exploits 10, References 4

Cvelist, added 2024/08/23 5:43 p.m., 25 views

CVE-2024-7954 SPIP porte_plume Plugin Arbitrary PHP Execution

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

CVSS 9.8, EPSS 0.89783
Exploits 10, References 3

Debian CVE, added 2024/08/23 5:43 p.m., 21 views

CVE-2024-7954

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

CVSS 9.8, AI score 6.6, EPSS 0.89783
Exploits 10

CVE, added 2024/08/23 5:43 p.m., 152 views

CVE-2024-7954

Affected software: SPIP CMS with the porte_plume plugin (versions before 4.30-alpha2, 4.2.13, and 4.1.16). Vulnerability: Unauthenticated remote code execution via crafted HTTP requests to porte_plume_previsu, allowing execution of arbitrary PHP as the SPIP user. Impact: Potential full server com...

CVSS 9.8, AI score 9.8, EPSS 0.89783
In wild, Exploits 10, References 3

F5 Networks, added 2024/08/23 2:16 a.m., 32 views

K000140787: Gunicorn vulnerability CVE-2024-1135

Security Advisory Description: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This iss...

CVSS 7.5, AI score 7.8, EPSS 0.02996
Exploits 0

Tenable Nessus, added 2024/08/23 12:00 a.m., 58 views

Spring Framework < 5.3.39 / 6.0.x < 6.0.23 / 6.1.x < 6.1.12 HTTP Request DoS (CVE-2024-38809)

The remote host contains a Spring Framework version prior to 5.3.39, 6.0.x prior to 6.0.23, or 6.1.x prior to 6.1.12. It is, therefore, affected by an HTTP Request DoS vulnerability: - Applications that parse ETags from 'If-Match' or 'If-None-Match' request headers are vulnerable to DoS attack...

CVSS 5.3, AI score 6.8, EPSS 0.00858
Exploits 0, References 2

IBM Security Bulletins, added 2024/08/22 5:47 p.m., 49 views

Security Bulletin: IBM Concert Software is vulnerable to multiple issues

Summary: IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details: CVEID: CVE-2015-5739 DESCRIPTION: Go is vulnerable to HTTP request smuggling, caused by a flaw in the net/http library in net/textproto/reader.go. By sendin...

CVSS 10, AI score 9.1, EPSS 0.91969
Exploits 1, Affected software 1

Veracode, added 2024/08/22 9:47 a.m., 13 views

Server Side Request Forgery (SSRF)

ckan is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is caused by CKAN plugins like XLoader, DataPusher, Resource proxy and ckanext-archiver not validating resource URLs while making HTTP requests to access remote resources. This can lead to a malicious or unaware...

CVSS 6.5, AI score 6.9, EPSS 0.00345
Exploits 0, References 3, Affected software 1

OpenVAS, added 2024/08/22 12:00 a.m., 34 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2270)

The remote host is missing an update for Huawei EulerOS. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8, AI score 7.4, EPSS 0.8377
Exploits 5, References 2

Packet Storm, added 2024/08/21 12:00 a.m., 226 views

Event Registration and Attendance System 1.0 Cross Site Request Forgery

| Title: Event Registration and Attendance System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firef...

AI score 7.4
Exploits 0

OSV, added 2024/08/20 8:29 p.m., 13 views

GO-2023-1707 HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation in github.com/hashicorp/nomad

HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation in github.com/hashicorp/nomad...

CVSS 9.9, AI score 9.6, EPSS 0.00759
Exploits 0, References 3

OSV, added 2024/08/16 11:08 a.m., 3 views

OESA-2024-1986 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1...

CVSS 8.3, AI score 6.4, EPSS 0.01109
Exploits 0, References 3

CNVD, added 2024/08/16 12:00 a.m., 2 views

Tenda FH1206 Command Execution Vulnerability

Tenda FH1206 is a dual-band wireless router from Tenda, designed for large homes with fiber optics. The Tenda FH1206 suffers from a command execution vulnerability that originates from an arbitrary command execution vulnerability contained in the handler parameter of the /goform/telnet file, whic...

CVSS 9.8, AI score 8.1, EPSS 0.0123
Exploits 1, References 1

Redos, added 2024/08/16 12:00 a.m., 37 views

ROS-20240816-16

A vulnerability in the openssl_private_decrypt function of the PKCS1 Padding Handler component of the PHP programming language interpreter is related to the use of a version of OpenSSL that incorporates changes from the request...

CVSS 9.8, AI score 8.2, EPSS 0.99987
Exploits 66

Redos, added 2024/08/16 12:00 a.m., 16 views

ROS-20240816-03

A vulnerability in HTTP Daemon is related to inconsistent interpretation of HTTP requests when processing 'Content-Length' string values. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate their privileges by sending...

CVSS 7.3, AI score 7.3, EPSS 0.02108
Exploits 1
