41 matches found
Authorization
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header...
CVE-2022-22831
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header...
F5 Networks BIG-IP : TMM vulnerability (K23860356)
iRules performing HTTP header manipulation may cause a denial-of-serviceDoS when processing traffic handled by a virtual server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs.CVE-2019-6660 Impact The affected BIG-IP system's Traffic...
CVE-2019-18348
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...
CVE-2019-6631
On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs...
CRLF Injection
net/http and net/url in github.com/golang/go are vulnerable to CRLF injection. It does not prevent a HTTP header manipulation with the ‘\r\n sequence in it, allowing a remote attacker to inject arbitrary response headers or body content via the HTTP header...
EUVD-2019-19103
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...
CRLF Injection
pypiserver is vulnerable to CRLF injection. A remote attacker is able to inject newline characters %0d%0a into the server response and create arbitrary HTTP headers or perform cross-site scripting attacks. This is due to unescaped values being passed from a client and used directly for redirects...
Design/Logic Flaw
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers including the Cookie header, and common.inc.php allows registering variables from the $COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such ...
SUSE-SU-2016:1818-1 Security update for apache2
This update for apache2 fixes the following issues: It used to be possible to set an arbitrary $HTTPPROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request CVE-2016-5387. As a result, these server components would...
Joomla Component com_searchlog SQL Injection
No description provided by source. Exploit Title: Joomla Component comsearchlog SQL Injection Date: 05/06/2010 Author: d0lc3 d0lc3xatgmaildomcom Software Link: http://www.kanich.net/radio/site/searchlog/searchlog-download Version: 3.1.0 Tested on: Linux ubuntu32 2.6.32-22-generic x64 Summary: Goo...
[Syhunt Sandcat Browser v4.1] A Penetration-oriented browser (extented to Web Application Assessment)
Sandcat Browser 4 brings unique features that are useful for pen-testers and web developers. Sandcat is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua programming language to provide extensions and scripting support. Features Live HTTP Headers —...
miniCMS 1.0 / 2.0 Code Execution
Title : miniCMS v1.0 : v2.0 php inject code Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMS©" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks : +----------------------------------+ | xSs m4n i-Hmx h311 c0d3 | sp. Cyb3r-Crystal |...
Cross Site Scripting - Dokumentation, Analyse & Techniken
Document Title: =============== Cross Site Scripting - Dokumentation, Analyse & Techniken References: =========== https://www.vulnerability-lab.com/resources/documents/198.pdf https://de.wikipedia.org/wiki/Cross-SiteScriptingWeblinks ; Release Date: ============= 2011-07-19 Vulnerability Laborato...
Multiple Cisco CSS / ACE Client Certificate And HTTP Header Manipulation Vulnerabilities
Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities Release Date: 2010-07-02 Application:...
Joomla Module Camp26 Visitor Data 1.1 Remote code Execution
Exploit for php platform in category web applications =========================================================== Joomla Module Camp26 Visitor Data 1.1 Remote code Execution =========================================================== Module Camp26 Visitor Data For Joomla 1.5.x Version : 1.1 Type ...
CVE-2006-4111
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOADPATH variable, a different vulnerability than CVE-2006-4112...
CVE-2005-2703
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...
CVE-2005-2703
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...
Invision Power Board (IP.Board) < 1.3.1 - Design Error
IP.Board Design Error Vendor: Invision Power Services Product: IP.Board Version: = 1.3.1 Website: http://www.invisionpower.com/ BID: 10559 Description: Invision Power Board IPB is a professional forum system that has been built from the ground up with speed and security in mind, taking advantage ...