16600 matches found
CVE-2023-37276 aiohttp vulnerable to HTTP request smuggling
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...
CVE-2023-37276 aiohttp vulnerable to HTTP request smuggling
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...
CVE-2023-37276
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...
CVE-2023-37276
CVE-2023-37276 affects aiohttp when used as an HTTP server (aiohttp.Application); vulnerable code is in the llhttp-based HTTP request parser bundled with aiohttp v3.8.4 and earlier. Exploitation can lead to HTTP request smuggling. The issue is addressed in aiohttp 3.8.5; upgrading is recommended....
aiohttp 环境问题漏洞
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. An environment issue vulnerability exists in aiohttp v3.8.4 and earlier versions that stems from easy HTTP request smuggling through the llhttp HTTP request parser...
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit
Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Refence Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024 Firmware, Ds-a71024...
Important: nodejs
Issue Overview: The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please no...
CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting (XSS)
Exploit Title: CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting XSS Application: CmsMadeSimple Version: v2.2.17 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 12-07-2023 Author: Mirabbas...
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution
Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Date: 16 July 2023 Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Refence Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024...
Fedora 37 : nodejs18 (2023-6b866fbe84)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6b866fbe84 advisory. 2023-06-20, Version 18.16.1 'Hydrogen' LTS, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...
CVE-2023-37477
1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...
Command injection
1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...
1Panel command injection vulnerability in Firewall ip functionality
Summary An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Details 1Panel firewall functionality /hosts/firewall/...
GHSA-P9XF-74XH-MHW5 1Panel command injection vulnerability in Firewall ip functionality
Summary An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Details 1Panel firewall functionality /hosts/firewall/...
CVE-2023-37477 Command injection in firewall ip functionality in 1Panel
1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...
CVE-2023-37477 Command injection in firewall ip functionality in 1Panel
1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...
CVE-2023-37477 Command injection in firewall ip functionality in 1Panel
1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...
Exploit for Double Free in Xhttp_Project Xhttp
CVE-2023-38434 xHTTP commit 72f812d and below suffers from a...
Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites
Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 CVSS score: 9.8, is a case of authentication bypass that enables unauthenticated attackers to...
CVE-2023-38434
xHTTP 72f812d has a double free in closeconnection in xhttp.c via a malformed HTTP request method...