ROS-20240719-02

Vulnerability in the makeHttpRequest function of the htdocs/js/ajaxfunctions.js file of the web administration tool LDAP phpLDAPAPadmin is related to inconsistent interpretation of HTTP requests. Exploitation of the vulnerability could allow an attacker acting remotely to cause smuggling of http...

CVE-2024-40642

The netty incubator codec.bhttp is a java language binary http parser. In affected versions the BinaryHttpParser class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...

CVE-2024-40642

The CVE-2024-40642 issue affects the Netty incubator codec.bhttp BinaryHttpParser in affected releases, where readRequestHead mis-validates input values. This grants attackers significant control over HTTP requests constructed from parsed output, enabling injection attacks such as HTTP request sm...

CVE-2024-40642 Absent Input Validation in BinaryHttpParser in the netty incubator codec.bhttp

The netty incubator codec.bhttp is a java language binary http parser. In affected versions the BinaryHttpParser class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...

CVE-2024-40642 Absent Input Validation in BinaryHttpParser in the netty incubator codec.bhttp

The netty incubator codec.bhttp is a java language binary http parser. In affected versions the BinaryHttpParser class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...

Absent Input Validation in BinaryHttpParser

Summary BinaryHttpParser does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issues individually to perform various injection attacks including HTTP request smuggling, desync...

GHSA-Q8F2-HXQ5-CP4H Absent Input Validation in BinaryHttpParser

Summary BinaryHttpParser does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issues individually to perform various injection attacks including HTTP request smuggling, desync...

projectdiscovery/nuclei allows unsigned code template execution through workflows

Summary Find a way to execute code template without -code option and signature. Details write a code.yaml: yaml id: code info: name: example code template author: ovi3 code: - engine: - sh - bash source: | id http: - raw: - | POST /re HTTP/1.1 Host: Hostname coderesponse workflows: - matchers: -...

CVE-2024-20400

A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this...

CVE-2024-20400

CVE-2024-20400 : Cisco Expressway Series web-based management interface vulnerability (Expressway-C/E) allows an unauthenticated, remote attacker to redirect a user to a malicious page due to improper input validation of HTTP parameters. A successful exploit could intercept/modify a user’s HTTP r...

CVE-2024-20429

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...

CVE-2024-20429

The CVE-2024-20429 entry concerns Cisco AsyncOS for Secure Email Gateway. Affected component: the web-based management interface. Root cause: insufficient input validation enabling Server-Side Template Injection. Impact: an authenticated user with Operator privileges could remotely execute arbitr...

CVE-2024-20429

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...

Cisco Secure Email Gateway Server-Side Template Injection Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...

Cisco Expressway Series Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this...

CVE-2024-31979

Server-Side Request Forgery SSRF vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an...

IBM Datacap Navigator Information Disclosure Vulnerability (CNVD-2024-33363)

IBM Datacap Navigator is a Web client for Datacap from International Business Machines IBM. An information disclosure vulnerability exists in IBM Datacap Navigator that originates from displaying version information in an HTTP request, which can be exploited by an attacker to gather information...

Moderate: Red Hat Security Advisory: nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 8 : nginx (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication...

RHEL 9 : nodejs (RHSA-2024:4559)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4559 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...