41 matches found

Prion
added 2022/02/06 9:15 p.m. | 13 views

Authorization

An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header...

CVSS 7.5 | AI score 9.3 | EPSS 0.11441
Exploits: 4 | References: 4 | Affected Software: 1

Cvelist
added 2022/02/06 8:53 p.m. | 18 views

CVE-2022-22831

An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header...

AI score 9.6 | EPSS 0.11441
Exploits: 4 | References: 4

Tenable Nessus
added 2019/12/31 12:0 a.m. | 28 views

F5 Networks BIG-IP : TMM vulnerability (K23860356)

iRules performing HTTP header manipulation may cause a denial-of-service (DoS) when processing traffic handled by a virtual server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs. (CVE-2019-6660) Impact: The affected BIG-IP system's Traffic...

CVSS 7.5 | AI score 7.2 | EPSS 0.01044
Exploits: 0 | References: 2

AlpineLinux
added 2019/10/23 4:31 p.m. | 65 views

CVE-2019-18348

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...

CVSS 6.1 | AI score 6.7 | EPSS 0.03513
Exploits: 0

NVD
added 2019/07/03 6:15 p.m. | 28 views

CVE-2019-6631

On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs...

CVSS 7.5 | AI score 7.5 | EPSS 0.02531
Exploits: 0 | References: 3

Veracode
added 2019/03/15 1:13 a.m. | 25 views

CRLF Injection

net/http and net/url in github.com/golang/go are vulnerable to CRLF injection. It does not prevent an HTTP header manipulation with the '\r\n' sequence in it, allowing a remote attacker to inject arbitrary response headers or body content via the HTTP header...

CVSS 6.1 | AI score 6.5 | EPSS 0.02346
Exploits: 1 | References: 9 | Affected Software: 6

EUVD
added 2019/03/13 3:0 a.m. | 2 views

EUVD-2019-19103

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1 | AI score 7.6 | EPSS 0.05328
Exploits: 1 | References: 38

Veracode
added 2019/01/28 2:45 a.m. | 27 views

CRLF Injection

pypiserver is vulnerable to CRLF injection. A remote attacker is able to inject newline characters %0d%0a into the server response and create arbitrary HTTP headers or perform cross-site scripting attacks. This is due to unescaped values being passed from a client and used directly for redirects...

CVSS 6.1 | AI score 6.2 | EPSS 0.03922
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2018/12/03 7:29 p.m. | 18 views

Design/Logic Flaw

In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers including the Cookie header, and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such ...

CVSS 4.3 | AI score 6.1 | EPSS 0.00798
Exploits: 2 | References: 1 | Affected Software: 1

OSV
added 2016/07/18 2:6 p.m. | 16 views

SUSE-SU-2016:1818-1 Security update for apache2

This update for apache2 fixes the following issues: It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5387). As a result, these server components would...

CVSS 8.1 | AI score 8.1 | EPSS 0.55724
Exploits: 0 | References: 3

seebug.org
added 2014/07/01 12:0 a.m. | 30 views

Joomla Component com_searchlog SQL Injection

No description provided by source. Exploit Title: Joomla Component com_searchlog SQL Injection Date: 05/06/2010 Author: d0lc3 d0lc3xatgmaildomcom Software Link: http://www.kanich.net/radio/site/searchlog/searchlog-download Version: 3.1.0 Tested on: Linux ubuntu32 2.6.32-22-generic x64 Summary: Goo...

AI score 7.1
Exploits: 0

Kitploit
added 2013/09/24 1:41 a.m. | 12 views

[Syhunt Sandcat Browser v4.1] A Penetration-oriented browser (extended to Web Application Assessment)

Sandcat Browser 4 brings unique features that are useful for pen-testers and web developers. Sandcat is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua programming language to provide extensions and scripting support. Features Live HTTP Headers —...

AI score 7.4
Exploits: 0

Packet Storm
added 2012/01/23 12:0 a.m. | 20 views

miniCMS 1.0 / 2.0 Code Execution

Title : miniCMS v1.0 : v2.0 php inject code Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMS©" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks : +----------------------------------+ | xSs m4n i-Hmx h311 c0d3 | sp. Cyb3r-Crystal |...

Exploits: 0

Vulnerability Lab
added 2011/07/19 12:0 a.m. | 17 views

Cross Site Scripting - Dokumentation, Analyse & Techniken

Document Title: =============== Cross Site Scripting - Dokumentation, Analyse & Techniken References: =========== https://www.vulnerability-lab.com/resources/documents/198.pdf https://de.wikipedia.org/wiki/Cross-SiteScriptingWeblinks ; Release Date: ============= 2011-07-19 Vulnerability Laborato...

AI score 7.4
Exploits: 0

Packet Storm
added 2010/07/03 12:0 a.m. | 77 views

Multiple Cisco CSS / ACE Client Certificate And HTTP Header Manipulation Vulnerabilities

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities Release Date: 2010-07-02 Application:...

CVSS 7.5 | AI score 0.1 | EPSS 0.01834
Exploits: 3

0day.today
added 2010/05/11 12:0 a.m. | 35 views

Joomla Module Camp26 Visitor Data 1.1 Remote code Execution

Exploit for php platform in category web applications =========================================================== Joomla Module Camp26 Visitor Data 1.1 Remote code Execution =========================================================== Module Camp26 Visitor Data For Joomla 1.5.x Version : 1.1 Type ...

AI score 7.1
Exploits: 0

UbuntuCve
added 2006/08/14 9:4 p.m. | 23 views

CVE-2006-4111

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112...

CVSS 7.5 | AI score 6 | EPSS 0.02214
Exploits: 0 | References: 1

UbuntuCve
added 2005/09/23 7:3 p.m. | 21 views

CVE-2005-2703

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...

CVSS 5 | AI score 5.9 | EPSS 0.01789
Exploits: 0 | References: 2

Cvelist
added 2005/09/23 4:0 a.m. | 22 views

CVE-2005-2703

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...

AI score 6.5 | EPSS 0.01789
Exploits: 0 | References: 31

Exploit DB
added 2004/05/04 12:0 a.m. | 30 views

Invision Power Board (IP.Board) < 1.3.1 - Design Error

IP.Board Design Error Vendor: Invision Power Services Product: IP.Board Version: = 1.3.1 Website: http://www.invisionpower.com/ BID: 10559 Description: Invision Power Board IPB is a professional forum system that has been built from the ground up with speed and security in mind, taking advantage ...

AI score 7.4
Exploits: 0