CVE-2022-22831

An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header...

CVE-2022-22831

CVE-2022-22831 affects Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user by manipulating the Authorization HTTP header, due to insufficient validation in that header. The result is an unauthorized, unauthenticated privilege escalation to a highly privileged admin account, with high i...

Servisnet Tessa MQTT Credential Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/mqtt' class MetasploitModule 'Servisnet Tessa - MQTT Credentials Dump...

Mageia: Security Advisory (MGASA-2017-0325)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2016-0230)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Worming your way in through IIS - CVE-2022-21907

Worming your way in through IIS - CVE-2022-21907 By Trellix · January 27, 2022 This story was written by Eion Carroll. IIS HTTP Stack History In the first patch Tuesday of 2022, Microsoft released a patch for a wormable vulnerability CVE-2022-21907 within the IIS HTTP stack, or more specifically...

IBM Cloud Pak for Automation Input Validation Error Vulnerability

IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from IBM USA. The platform uses pre-integrated automation technologies and low-code tools to design, build and run automation applications and services on any cloud. A...

VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution Exploit

VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux...

CVE-2021-29872

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP...

CVE-2021-29872

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP...

CVE-2021-29872

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 – Business Automation Studio component is vulnerable to HTTP header injection due to improper HOST header validation. A remote attacker can craft requests to inject the HOST header, enabling attacks such as cross-site scripting, cache poisoning, or s...

Security Bulletin: Host header injection vulnerability in Business Automation Studio in Cloud Pak for Automation (CVE-2021-29872)

Summary Business Automation Studio in IBM Cloud Pak for Automation is vulnerable to a host header injection attack. Vulnerability Details CVEID: CVE-2021-29872 DESCRIPTION: IBM ICP4A - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of...

Log4Shell HTTP Header Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Header Injection', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in...

SonicOS Content-Length HTTP Header Stack Overflow Vulnerability

A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service DoS and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 6 and Gen 7 firmware versions. CVE:...

AZL-35037 CVE-2021-44716 affecting package node-problem-detector for versions less than 0.8.15-1

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

AZL-33604 CVE-2021-44716 affecting package kube-vip-cloud-provider for versions less than 0.0.2-16

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

AZL-33577 CVE-2021-44716 affecting package csi-driver-lvm for versions less than 0.4.1-15

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

openSUSE 15 Security Update : netdata (openSUSE-SU-2021:1603-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1603-1 advisory. - An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data i...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Nmap Log4Shell NSE script for discovery Apache Log4j RCE CVE-...

Header injection in nodemailer

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object...