BIT-CODEIGNITER-2022-24711

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...

BIT-APACHE-2022-22720 HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling...

BIT-GHOST-2022-41654

An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability...

BIT-GHOST-2022-41697

A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability...

BIT-APACHE-2022-26377 mod_proxy_ajp: Possible request smuggling

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

BIT-GHOST-2022-47197

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...

BIT-APACHE-2022-36760 Apache HTTP Server: mod_proxy_ajp Possible request smuggling

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

BIT-APACHE-2023-25690 Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

HTTP Request Smuggling

Modern web applications are often deployed with a chain of HTTP servers which ensure the transmission of the HTTP traffic from users to the service. Typical deployments include the usage of a front-end server, usually a load balancer or a reverse proxy, which will then transmit the requests to on...

Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal Vulnerability

Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Advisory ID: KL-001-2024-001 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt 1. Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affecte...

Customer Support System 1.0 SQL Injection

Exploit Title: Customer Support System 1.0 - Multiple SQL injection vulnerabilities Date: 15/12/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal

KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Advisory ID: KL-001-2024-001 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt 1...

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality due to [CVE-2023-39326]

Summary The operator and some binary components within IBM App Connect Enterprise Certified Container are implemented in Golang. IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the...

Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-40167]

Summary The jetty-http package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEsCVE-2023-40167. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the...

squid: denial of service in HTTP request parsing

A flaw was found in Squid, which is susceptible to a Denial of Service DoS due to an Uncontrolled Recursion bug, specifically targeting HTTP Request parsing. Exploiting this issue involves a remote client initiating a DoS attack by sending an oversized X-Forwarded-For header when the...

Important: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

tomcat: HTTP request smuggling via malformed trailer headers

An improper Input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a...

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability

Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affected Version: 4.40 and 4.50 Platform: Debian 10 LTS CWE Classification: CWE-23: Relative Path Traversal CVE ID: CVE-2024-2053 2. Vulnerability Description The Artica Proxy administrative web application attempts to...