Design/Logic Flaw

A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header...

CVE-2018-18837

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of webclientapirequestv1data in web/api/webapiv1.c...

CVE-2018-18837

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of webclientapirequestv1data in web/api/webapiv1.c...

DEBIAN-CVE-2018-18837

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of webclientapirequestv1data in web/api/webapiv1.c...

CVE-2018-18837

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of webclientapirequestv1data in web/api/webapiv1.c...

CVE-2018-18837

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of webclientapirequestv1data in web/api/webapiv1.c...

CVE-2018-18837

CVE-2018-18837 affects Netdata 1.10.0 and is described as HTTP Header Injection via the api/v1/data filename parameter due to web_client_api_request_v1_data in web/api/web_api_v1.c. The vulnerability is categorized as a header injection issue (CVSS details shown in the entry: CVSSv3 base score 6....

CVE-2018-18837

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of webclientapirequestv1data in web/api/webapiv1.c...

HTTP Header Information Disclosure

The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version and technologies used by the web server. No source data...

CRLF Injection

Python is vulnerable to CRLF Injection. Remote unauthenticated attacker could exploit the flaw by controling a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that lacks a ? character followed by an HTTP header o...

CRLF Injection

Python is vulnerable to CRLF Injection. Remote unauthenticated attacker could exploit the flaw by controling a url parameter, as demonstrated in the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? character followed by an HTTP header or a Redis comman...

Cuvva: Clickjacking in ops.cuvva.com

Hi, Description: Clickjacking User Interface redress attack, UI redress attack, UI redressing is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking contr...

Unauthorised Access

Envoy is vulnerable to unauthorised access vulnerability. This occurs when parsing HTTP/1.x header values because envoy does not reject embedded zero characters NUL, ASCII 0x0. This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header...

Privilege Escalation

Apache is vulnerable to privilege escalation attacks. This exists in moduserdir . An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data...

Siemens SIMATIC HMI Panels < 15.4 Integrated Webserver HTTP Header Injection

Binary data 720167.prm...

Cross-Site Scripting (XSS)

Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. A cross-site scripting XSS flaw was found in the way the Red Hat Satellite web interface...

CRLF Injection

Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. A cross-site scripting XSS flaw was found in the way the Red Hat Satellite web interface...

Remote Code Execution

Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. A cross-site scripting XSS flaw was found in the way the Red Hat Satellite web interface...

Security Bulletin: API Connect V2018 is impacted by a vulnerability in Golang (CVE-2019-9741)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-9741 DESCRIPTION: Golang GO is vulnerable to HTTP header injection, caused by improper validation of input in the http.NewRequest. By sending a specially-crafted request, a remote attacker cou...

CVE-2019-9900

When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters NUL, ASCII 0x0. This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources...