16598 matches found
Amazon Linux 2 : golang (ALASGOLANG1.19-2023-002)
The version of golang installed on the remote host is prior to 1.19.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2GOLANG1.19-2023-002 advisory. An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/mac...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-012)
The version of tomcat installed on the remote host is prior to 8.5.51-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-012 advisory. The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a...
Ubuntu: Security Advisory (USN-6399-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : nginx (ALASNGINX1-2023-004)
The version of nginx installed on the remote host is prior to 1.18.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2023-004 advisory. NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an...
Ubuntu 23.04 : Puma vulnerability (USN-6399-1)
The remote Ubuntu 23.04 host has a package installed that is affected by a vulnerability as referenced in the USN-6399-1 advisory. It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP request Smuggling attack...
Amazon Linux 2 : squid (ALASSQUID4-2023-005)
The version of squid installed on the remote host is prior to 4.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2SQUID4-2023-005 advisory. A flaw was found in squid. Due to improper validation while parsing the request URI, squid is vulnerable to HTTP request smugglin...
RHEL 8 : nodejs:16 (RHSA-2023:5361)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5361 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Denial Of Service
nocodb is vulnerable to Denial Of Service. The vulnerability is due to Improper Input Validation via the Add new table field which can cause a Denial of Service by sending a specially crafted HTTP request...
Medium: nginx
Issue Overview: NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. CVE-2019-20372 Affected Packages: nginx Note: Th...
Apache Shiro < 1.11.0 Authentication Bypass
Apache Shiro before 1.11.0, when using Apache Shiro with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to An...
Important: tomcat
Issue Overview: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat...
CVE-2023-40167
A flaw was found in Jetty that permits a plus sign + preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400...
HTTP Request Smuggling
Jetty is vulnerable to HTTP Request Smuggling. The vulnerability is due to accepting + character proceeding the content-length in the request. This vulnerability can be exploited by the attacker to possibly conduct request smuggling attacks...
File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting
Description The plugin does not adequately validate and escape some inputs, leading to XSS by high-privilege users. As an admin, open the File Manager and run the following JS code: fetch"http://localhost:10008/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencode...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Node.js vulnerabilities (USN-6380-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6380-1 advisory. Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into...
Exploit for HTTP Request Smuggling in F5 Nginx
CVE-2019-20372 This repository is for educational purposes o...
CVE-2023-40167
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests...
Jetty accepts "+" prefixed value in Content-Length
Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smugglin...
curl: CVE-2023-38546: cookie injection with none file
Vulnerability description not provided...
IBM Data Risk Manager 2.0.1 <= 2.0.6.1 Multiple Vulnerabilities (6206875)
The version of IBM Data Risk Manager installed on the remote host is between 2.0.1 and 2.0.6.1. It is, therefore, affected by multiple vulnerabilities: - IBM Data Risk Manager could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a...