3698 matches found
CVE-2023-50963
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
Cross site scripting
CVE-2023-50963
IBM Storage Defender – Data Protect versions 1.0.0–1.4.1 are vulnerable to HTTP header injection due to improper validation of HOST headers, enabling attacks such as cross-site scripting, cache poisoning, or session hijacking as described in IBM X-Force/Red Hat advisories. Remediation: IBM recomm...
CVE-2023-50963 IBM Storage Defender HTTP HOST header injection
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
WordPress Backup Migration 1.3.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Backup Migration Plugin PHP Filter Chain RCE', 'Description' = %q This module exploits an unauth RCE in the WordPress plugin: Backup...
PT-2024-14033 · Ibm · Ibm Storage Defender - Data Protect
Name of the Vulnerable Software and Affected Versions: IBM Storage Defender - Data Protect versions 1.0.0 through 1.4.1 Description: The issue is caused by improper validation of input by the HOST headers, leading to HTTP header injection. This could allow an attacker to conduct various attacks...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2023.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF028 and 23.0.1-IF006. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By...
WordPress Manutenção < 1.0.7 - IP Spoofing to Maintenance Mode Bypass
Description The plugin is vulnerable to IP Spoofing due to insufficient validation of IP addresses, allowing unauthenticated attackers to bypass the plugin's maintenance mode restriction via the 'X-Forwarded-For' HTTP header...
EulerOS 2.0 SP9 : python-pip (EulerOS-SA-2023-3315)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for...
CVE-2023-52274
member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header...
CVE-2023-52274
CVE-2023-52274 affects YzmCMS versions 6.5–7.0, where a cross-site scripting (XSS) vulnerability exists in member/index/register.html via the Referer HTTP header. The CNVD/NVD/OSV/CVE entries describe the root cause as insufficient filtering/escaping of user-supplied data in the Referer header, e...
CVE-2023-48256
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request...
Medium: squid
Issue Overview: Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to...
Security Bulletin: IBM Operational Decision Manager for December 2023 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-37920...
SUSE-SU-2024:0034-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2023-49081: fixed an HTTP header injection via a crafted version bsc1217684...
SUSE-SU-2024:0033-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2023-49081: fixed an HTTP header injection via a crafted version bsc1217684...
CVE-2023-4463
A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit...
Design/Logic Flaw