CVE-2021-38713

The CVE-2021-38713 entry concerns imgURL 2.31, where a cross-site scripting (XSS) vulnerability can be triggered via the X-Forwarded-For HTTP header. Public references and multiple security trackers (Red Hat, GHSA, OSV, NVD, CNVD, etc.) consistently describe imgURL 2.31 as vulnerable to XSS throu...

jwtXploiter - A Tool To Test Security Of Json Web Token

A tool to test security of JSON Web Tokens. Test a JWT against all known CVEs; Tamper with the token payload: changes claims and subclaims values. Exploit known vulnerable header claims kid, jku, x5u Verify a token Retrieve the public key of your target's ssl connection and try to use it in a key...

Denial Of Service

rabbitmq-server is vulnerable to denial of service. The vulnerability exists due to the lack of sanitizating the "X-Reason" HTTP Header which can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing...

Huawei EulerOS: Security Advisory for ceph (EulerOS-SA-2021-2288)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

HTTP Request Smuggling in Web Proxies

Overview HTTP web proxies and web accelerators that support HTTP/2 for an HTTP/1.1 backend webserver are vulnerable to HTTP Request Smuggling. Description The affected systems allow invalid characters such as carriage return and newline characters in HTTP/2 headers. When an attacker passes these...

Authorization Bypass

nilsteampassnet/teampass is vulnerable to authorization bypass. Sending an X-Forwarded-For client HTTP header to the getIp function allows any users with a valid API token to bypass IP address whitelist restrictions...

Security Bulletin: HTTP Header Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2021-20560)

Summary There are issue with HTTP header 'X-Frame-Options' not present. IBM Sterling Connect:Direct Browser has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-20560 DESCRIPTION: IBM Sterling Connect:Direct Browser User Interface could allow a remote attacker to hijack the...

Updated python-django package fixes security vulnerabilities

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability CVE-2021-28658. In Django 2.2 before 2.2.21, 3.1 before 3.1.9, an...

CVE-2021-34828

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

CVE-2021-34827

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results...

CVE-2021-34830

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results...

CVE-2021-34828

CVE-2021-34828 affects D-Link DAP-1330 (firmware 1.13B01 BETA). The flaw is in handling of the SOAPAction HTTP header, caused by insufficient validation of the length of user-supplied data copied into a fixed-length buffer. This enables network-adjacent attackers with no authentication to execute...

CVE-2021-34828

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

CVE-2021-34827

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

Design/Logic Flaw

SAP Web Dispatcher and Internet Communication Manager ICM, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83,...

CVE-2021-20784

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product...

Heap overflow

HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product via unspecified vectors...

CVE-2021-20784

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product...