3711 matches found
PT-2019-3170 · Cisco · Cisco Firepower Services Software for ASA +2
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense Software (affected versions not specified); Cisco FirePOWER Services Software for ASA (affected versions not specified); Cisco Firepower Management Center Software (affected versions not specified). Description: The issu...
CVE-2019-3639 MWG UI: Cross-Frame Scripting vulnerability
Clickjack vulnerability in the Administrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe, because the console does not send an X-Frame-Options HTTP header...
CVE-2019-0338
During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure...
Information disclosure
During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure...
CVE-2019-0338
CVE-2019-0338 affects SAP Gateway’s OData V2/V4 endpoints in SAP (versions 750–753). The HTTP headers cache-control and pragma were not properly set, allowing an attacker to access restricted information and cause Information Disclosure. The connected documents provide the affected product (SAP G...
python: CRLF injection via the path part of the url passed to urlopen()
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...
NoviSmart CMS - SQL injection Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: NoviSmart CMS SQL injection; Exploit Author: n1x MS-WEB; Vendor Homepage: http://www.novismart.com/; Version: Every version; CVE: CWE-89; Vulnerable parameter: Referer HTTP Header field; GET Request: GET / HTTP/1.1 Referer:...
NoviSmart CMS - SQL injection
NoviSmart CMS - SQL injection. Exploit Title: NoviSmart CMS SQL injection; Date: 23.7.2019.; Exploit Author: n1x MS-WEB; Vendor Homepage: http://www.novismart.com/; Version: Every version; CVE: CWE-89; Vulnerable parameter: Referer HTTP Header field; GET Request: GET / HTTP/1.1 Referer:...
NoviSmart CMS - SQL injection
Exploit Title: NoviSmart CMS SQL injection; Date: 23.7.2019.; Exploit Author: n1x MS-WEB; Vendor Homepage: http://www.novismart.com/; Version: Every version; CVE: CWE-89; Vulnerable parameter: Referer HTTP Header field; GET Request: GET / HTTP/1.1 Referer:...
Novismart CMS SQL Injection
Exploit Title: NoviSmart CMS SQL injection; Date: 23.7.2019.; Exploit Author: n1x MS-WEB; Vendor Homepage: http://www.novismart.com/; Version: Every version; CVE: CWE-89; Vulnerable parameter: Referer HTTP Header field; GET Request: GET / HTTP/1.1 Referer:...
Medium: python34
Issue Overview: An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? character followed b...
Security Bulletin: IBM Event Streams is affected by Go vulnerabilities
Summary: IBM Event Streams has addressed the following vulnerabilities in the Go Runtimes shipped. Vulnerability Details: CVEID: CVE-2019-9741. DESCRIPTION: Golang GO is vulnerable to HTTP header injection, caused by improper validation of input in the http.NewRequest. By sending a specially-crafted...
CVE-2019-6631
On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs...
CVE-2019-6631
CVE-2019-6631 affects F5 BIG-IP 11.5.1–11.6.4 where iRules that manipulate HTTP headers can interrupt service for traffic on a Virtual Server with an HTTP profile when requests don’t fully conform to RFCs. Public sources note an HA failover/core-dump risk. Remediation is available via upgraded BI...
CVE-2019-12962
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header...
CVE-2019-12962
LiveZilla Server (8.0.1.0 and earlier) is vulnerable to a reflected XSS in mobile/index.php via the Accept-Language header (CVE-2019-12962). The issue allows injection of JavaScript, potentially exfiltrating session cookies or performing actions on behalf of the victim. Remediation: upgrade to th...
SUSE-RU-2019:1703-1 Security update for SUSE Manager Server 3.2
This update fixes the following issues: cobbler: Removes string replace for textmode fix (bsc#1134195). py26-compat-salt: Avoid syntax error on yumpkg module running on Python 2.6 (bsc#1136250); Use ThreadPool from multiprocessing.pool to avoid leaks when calculating FQDNs; Fix usermod options f...
TP-Link Wi-Fi extender remote code execution vulnerability analysis - Vulnerability warning - The Black Bar Safety Net
A Wi-Fi extender amplifies the Wi-Fi signal and is mainly used in large or multi-storey homes that the router's signal cannot fully cover. The extender picks up the Wi-Fi signal from the main router and rebroadcasts it to areas where the signal is weak or absent. IBM X-Force...
CVE-2018-16118
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the "X-Forwarded-for" HTTP header...