Lucene search
K

16598 matches found

0day.today
0day.today
added 2023/08/21 12:0 a.m.224 views

Color Prediction Game v1.0 - SQL Injection Vulnerability

Exploit Title: Color Prediction Game v1.0 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script Tested on: Kali Linux & MacOS CVE: N/A Request POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/08/21 12:0 a.m.17 views

openSUSE 15 Security Update : python-mitmproxy (openSUSE-SU-2023:0233-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0233-1 advisory. - mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP...

9.8CVSS8AI score0.01093EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.459 views

OVOO Movie Portal CMS v3.3.3 - SQL Injection

Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 Tested on: Kali Linux & MacOS CVE: N/A Request POST /filtermovies/1 HTTP/2 Host:...

7.4AI score
Exploits0
Amazon
Amazon
added 2023/08/21 12:0 a.m.49 views

Medium: tomcat

Issue Overview: A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that...

5.8CVSS8AI score0.09386EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/08/21 12:0 a.m.18 views

openSUSE 15 Security Update : python-mitmproxy (openSUSE-SU-2023:0232-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0232-1 advisory. - mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP...

9.8CVSS8AI score0.01093EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2023/08/19 7:0 a.m.5 views

HAProxy through 2.0.32 2.1.x and 2.2.x through 2.2.30 2.3.x and 2.4.x through 2.4.23 2.5.x and 2.6.x before 2.6.15 2.7.x before 2.7.10 and 2.8.x before 2.8.2 forwards empty Content-Length headers violating RFC 9110 section 8.6. In uncommon cases an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

...

7.2CVSS7.1AI score0.01815EPSS
Exploits1
Snyk
Snyk
added 2023/08/18 10:44 p.m.1 views

HTTP Request Smuggling

Overview puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as as providing process...

9.8CVSS6.8AI score0.00738EPSS
Exploits0References2
OSV
OSV
added 2023/08/18 10:15 p.m.0 views

DEBIAN-CVE-2023-40175

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent ...

9.8CVSS6.2AI score0.00738EPSS
Exploits0References1
Prion
Prion
added 2023/08/18 10:15 p.m.33 views

Design/Logic Flaw

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent ...

7.5CVSS9.2AI score0.00738EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2023/08/18 10:15 p.m.31 views

CVE-2023-40175

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent ...

9.8CVSS6.5AI score0.00738EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/08/18 9:50 p.m.42 views

Puma HTTP Request/Response Smuggling vulnerability

Impact Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. The following vulnerabilities are addressed by this advisory: Incorrect parsing of trailing fields in...

9.8CVSS6.9AI score0.00738EPSS
Exploits0References9Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/18 9:35 p.m.24 views

CVE-2023-40175 Inconsistent Interpretation of HTTP Requests in puma

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent ...

7.3CVSS9.3AI score0.00738EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/18 9:35 p.m.50 views

CVE-2023-40175 Inconsistent Interpretation of HTTP Requests in puma

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent ...

7.3CVSS9.5AI score0.00738EPSS
Exploits0References2
OSV
OSV
added 2023/08/18 9:35 p.m.32 views

CVE-2023-40175 Inconsistent Interpretation of HTTP Requests in puma

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent ...

7.3CVSS6.4AI score0.00738EPSS
Exploits0References4
CVE
CVE
added 2023/08/18 9:35 p.m.137 views

CVE-2023-40175

CVE-2023-40175 affects the Puma Ruby/Rack web server. The issue arises from how Puma parses chunked transfer encoding bodies and zero-length Content-Length headers, enabling HTTP request smuggling. Affected versions are prior to 6.3.1 and 5.6.7. The vulnerability is fixed in those versions; upgra...

9.8CVSS8.3AI score0.00738EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/08/18 11:9 a.m.5 views

SUSE-SU-2023:3356-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to LTS version 18.17.1 security fixes: - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire bsc1214156. -...

9.8CVSS8.2AI score0.01484EPSS
Exploits1References7
RubySec
RubySec
added 2023/08/18 12:0 a.m.34 views

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in puma

Impact Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. The following vulnerabilities are addressed by this advisory: - Incorrect parsing of trailing fields ...

9.8CVSS6.9AI score0.00738EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/08/17 12:0 a.m.30 views

Fedora 37 : llhttp / python-aiohttp (2023-105880e618)

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-105880e618 advisory. Update llhttp to 8.1.1 including a SONAME version bump and ABI break, https://pagure.io/fesco/issue/3049 and python-aiohttp to 3.8.5. Fixes CVE-2023-30589...

7.5CVSS7.6AI score0.03906EPSS
Exploits1References2
OSV
OSV
added 2023/08/16 10:15 p.m.4 views

CVE-2023-20232

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...

5.3CVSS5.8AI score
Exploits0References1
Veracode
Veracode
added 2023/08/16 12:7 a.m.15 views

HTTP Request Smuggling

tornado is vulnerable to HTTP Request Smuggling. Tornado deviates from HTTP RFCs by interpreting the characters -, +, and in chunk length and Content-Length values. When used behind proxies that interpret non-standard characters differently, which can lead to request smuggling...

6.9AI score
Exploits0
Rows per page
Query Builder