Lucene search

42 matches found

OSV
added 2024/11/06 8:15 a.m. | 3 views

AZL-52449 CVE-2024-9681 affecting package tensorflow for versions less than 2.16.1-7

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

6.5 CVSS | 6.7 AI score | 0.00745 EPSS
Exploits: 1 | References: 1
OSV
added 2024/11/06 8:15 a.m. | 1 views

DEBIAN-CVE-2024-9681

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

6.5 CVSS | 6.9 AI score | 0.00745 EPSS
Exploits: 1 | References: 1
OSV
added 2024/11/06 12:0 a.m. | 0 views

UBUNTU-CVE-2024-9681

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

6.5 CVSS | 7.2 AI score | 0.00745 EPSS
Exploits: 1 | References: 5
Github Security Blog
added 2023/03/16 3:30 p.m. | 970 views

Server-Side Request Forgery in Request

The request package through 2.88.2 for Node.js and the @cypress/request package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect HTTP to HTTPS, or HTTPS to HTTP. NOTE: The request package is no longer supported by the maintain...

6.1 CVSS | 6.6 AI score | 0.00557 EPSS
Exploits: 1 | References: 12 | Affected Software: 2
SUSE CVE
added 2023/02/15 4:56 a.m. | 1 views

SUSE CVE-2016-9071

Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox 50...

5.3 CVSS | 6.1 AI score | 0.00259 EPSS
Exploits: 0 | References: 8
SUSE CVE
added 2023/02/15 4:11 a.m. | 2 views

SUSE CVE-2019-12781

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

6.5 CVSS | 7.8 AI score | 0.04217 EPSS
Exploits: 0 | References: 10
OpenVAS
added 2020/03/26 12:0 a.m. | 31 views

CentOS: Security Advisory for python-virtualenv (CESA-2020:0851)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS | 7.5 AI score | 0.00656 EPSS
Exploits: 3 | References: 2
Packet Storm
added 2019/11/12 12:0 a.m. | 101 views

FlexAir Access Control 2.3.38 Command Injection

!/bin/bash Command injection with root privileges in FlexAir Access Control Prima Systems Firmware version: $OUTPUTFILE" Command injection payload. Be careful with single quotes! PAYLOAD="" Perform exploit echo "Executing: $CMD" curl --silent --output /dev/null -X POST -d "$PAYLOAD"...

10 CVSS | 0.4 AI score | 0.32014 EPSS
Exploits: 2
OSV
added 2019/07/03 8:37 p.m. | 0 views

GHSA-6C7V-2F49-8H26 Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

6.9 CVSS | 6.8 AI score | 0.04217 EPSS
Exploits: 0 | References: 15
UbuntuCve
added 2019/07/01 2:0 p.m. | 15 views

CVE-2019-12781

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

5.3 CVSS | 6.8 AI score | 0.04217 EPSS
Exploits: 0 | References: 2
Cvelist
added 2019/07/01 1:56 p.m. | 17 views

CVE-2019-12781

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

5.7 AI score | 0.04217 EPSS
Exploits: 0 | References: 12
NVD
added 2018/06/11 9:29 p.m. | 16 views

CVE-2016-9071

Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox 50...

5.3 CVSS | 4.5 AI score | 0.00259 EPSS
Exploits: 0 | References: 4
Prion
added 2018/06/11 9:29 p.m. | 18 views

Design/Logic Flaw

Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox 50...

5 CVSS | 5.9 AI score | 0.00259 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2018/06/11 9:0 p.m. | 21 views

CVE-2016-9071

Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox 50...

6.3 AI score | 0.00259 EPSS
Exploits: 0 | References: 4
CVE
added 2017/07/14 8:0 p.m. | 57 views

CVE-2015-5152

CVE-2015-5152 affects Foreman versions 1.1 through 1.9.0-RC1, where HTTP requests are not redirected to HTTPS when require_ssl is true, enabling a MITM to capture credentials. Root cause is lack of HTTP-to-HTTPS redirection under the require_ssl setting. Impact is credential leakage via network a...

8.1 CVSS | 7.8 AI score | 0.00291 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Hacker One
added 2016/08/19 10:16 p.m. | 17 views

LocalTapiola: Non-secure requests to www.lahitapiola.fi are not automatically upgraded to HTTPS

To reproduce, send a HEAD request to http://www.lahitapiola.fi like so: curl -I http://www.lahitapiola.fi HTTP/1.1 301 Moved Permanently Date: Fri, 19 Aug 2016 22:11:59 GMT Location: http://www.lahitapiola.fi/henkilo Cache-Control: max-age=60 Expires: Fri, 19 Aug 2016 22:12:59 GMT Content-Type:...

0.1 AI score
Exploits: 0
Hacker One
added 2016/08/10 2:56 p.m. | 29 views

HackerOne: Non-secure requests are not automatically upgraded to HTTPS

Non-secure requests to hackerone.com e.g. http://hackerone.com are not automatically upgraded to HTTPS. This is not something you would notice when you use the latest version of modern web browsers such as Google Chrome or Firefox, because hackerone.com is HSTS preloaded. When a domain is...

6.5 AI score
Exploits: 0
Hacker One
added 2016/03/17 8:24 a.m. | 213 views

New Relic: Insecure transition from HTTP to HTTPS in form post

Vulnerability description:- This form is served from an insecure page http page. This page could be hijacked using a Man-in-the-middle attack and an attacker can replace the form target. This vulnerability affects:- /selfies/submit. attack details:- Form name: "form144" Form action:...

0.1 AI score
Exploits: 0
Packet Storm
added 2012/02/23 12:0 a.m. | 31 views

DFLabs PTK 1.0.5 Cross Site Request Forgery

Exploit Title : DFLabs PTK = 1.0.5 Multiple Vulnerabilities Steal Authentication Credentials Date : 22-02-2012 Author : Ivano Binetti...

0.2 AI score
Exploits: 0
0day.today
added 2012/02/22 12:0 a.m. | 18 views

DFLabs PTK <= 1.0.5 Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title : DFLabs PTK = 1.0.5 Multiple Vulnerabilities Steal Authentication Credentials...

7.1 AI score
Exploits: 0