3710 matches found
Information Disclosure
urllib3 is vulnerable to Information Disclosure. The library does not remove Authorization HTTP header during a cross-origin redirect, leading to the disclosure of credentials in the Authorization header...
CVE-2018-6703
Use After Free in Remote logging which is disabled by default in McAfee McAfee Agent MA 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service...
CVE-2018-6703 Remote Logging functionality had a use after free vulnerability in McAfee Agent
Use After Free in Remote logging which is disabled by default in McAfee McAfee Agent MA 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service...
JVN#32155106: Multiple vulnerabilities in i-FILTER
i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below.

Cross-site scripting CWE-79 - CVE-2018-16180

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3

HTTP...
YunoHost HTTP Header Injection Vulnerability
YunoHost is a Linux-based server operating system. A security vulnerability exists in YunoHost versions 2.7.2 through 2.7.14, which can be exploited by attackers to inject HTTP headers with the help of malicious links, redirect users to malicious websites, cause HTTP response splitting or cache...
JVN#89767228: Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners
Multiple printers and scanners provided by SEIKO EPSON CORPORATION contain multiple vulnerabilities listed below.

Open Redirect CWE-601 - CVE-2018-0688

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N | Base Score: 4.7
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | ...
CVE-2018-11347
The CVE-2018-11347 entry concerns the YunoHost web application (versions 2.7.2 through 2.7.14). Affected component/issue: HTTP Response Header Injection, enabling an attacker to inject one or more HTTP headers in server responses. Attack requirements: user interaction is needed (the attacker must...
Design/Logic Flaw
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers including the Cookie header, and common.inc.php allows registering variables from the $COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such ...
Digger - Tool Which Can Do A Lot Of Basic Tasks Related To Information Gathering
Digger is a multi-functional tool written in Python for all of your basic information gathering needs. It uses APIs to gather the information, so your own identity is not exposed. Features: Whois Lookup, Online Traceroute, DNS Lookup, Reverse DNS Lookup, IP Location Lookup, Port Scan, HTTP Header Check. How...
CVE-2018-3951
CVE-2018-3951 describes a remote code execution in the TP-Link TL-R600VPN HTTP server caused by a buffer overflow in the HTTP header parsing. A specially crafted, authenticated HTTP request to vulnerable endpoints can overflow a static buffer, enabling arbitrary code execution in the httpd proces...
CVE-2018-19468
HuCart 5.7.4 has SQL injection in getip in system/class/helperclass.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=actlogin URI...
SQL injection
HuCart 5.7.4 has SQL injection in getip in system/class/helperclass.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=actlogin URI...
Security Bulletin: IBM Planning Analytics Local is affected by multiple Node.js vulnerabilities
Summary: The Planning Analytics Workspace component of IBM Planning Analytics is vulnerable to multiple Node.js vulnerabilities, including OpenSSL vulnerabilities in Node.js. The version of Node.js used by IBM Planning Analytics Workspace has been upgraded to address these vulnerabilities...
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak...
GHSA-GHGJ-3XQR-6JFM Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak...
SQL injection
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php...
CVE-2018-18789
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php...
Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20181018)
Security Fixes :
- OpenJDK: Improper field access checks Hotspot, 8199226 CVE-2018-3169
- OpenJDK: Unrestricted access to scripting engine Scripting, 8202936 CVE-2018-3183
- OpenJDK: Incomplete enforcement of the trustURLCodebase restriction JNDI, 8199177 CVE-2018-3149
- OpenJDK: Incorrect handli...
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
Apache Struts versions prior to 2.3.32 and 2.5.10.1 contain incorrect exception handling and error-message generation during file-upload attempts using the Jakarta Multipart parser, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...