16591 matches found
CVE-2023-49282 Test code in published microsoft-graph package exposes phpinfo()
msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The...
ownCloud Phpinfo Reader
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker m...
CVE-2022-29361
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations...
Exploit for HTTP Request Smuggling in Apache Http_Server
CVE-2023-25690 Mô tả CVE-2023-25690: - Một vài cấu hình mod...
HTTP request body disclosure in github.com/go-resty/resty/v2
...
Security Bulletin: Tornado is vulnerable to 263690 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses tornado, which is vulnerable to 263690. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details IBM X-Force ID: 263690 DESCRIPTION: Tornado Web Server is vulnerable to HTTP request smuggling, caus...
The vulnerability of the aiohttp HTTP client, related to the failure to handle CRLF sequences for line termination, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the aiohttp HTTP client is related to the lack of measures taken to neutralize CRLF sequences. Exploiting this vulnerability allows an attacker, operating remotely, to send hidden HTTP requests HTTP Request Smuggling attack...
CVE-2023-49081
A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts...
CVE-2023-49081
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
Design/Logic Flaw
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
CVE-2023-49081
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
PYSEC-2023-250
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
CVE-2023-49081
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
CVE-2023-49081 aiohttp's ClientSession is vulnerable to CRLF injection via version
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
CVE-2023-49081
CVE-2023-49081 affects aiohttp (HTTP header/HTTP version validation issues) with remediation across multiple vendors: Debian advisories show fixes for python-aiohttp (Debian 11 bullseye: 3.7.4-1+deb11u1; DSA-5828-1 fixes to 3.8.4-1+deb12u1), IBM Storage Fusion bulletin requires upgrading to 2.8.0...
CVE-2023-49081 aiohttp's ClientSession is vulnerable to CRLF injection via version
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
CVE-2023-49094
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if the...
CVE-2023-49094
Symbolicator (the symbolication service) is affected by a Server-Side Request Forgery (SSRF) where a specially crafted HTTP endpoint can trigger the service to send arbitrary GET requests to internal IPs. The attacker could have the response reflected back if they have an account on the Sentry in...
SUSE CVE-2023-45286
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buff...
CVE-2023-49082
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...