3710 matches found
CVE-2018-18074
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network...
Authorization
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network...
Design/Logic Flaw
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field...
Design/Logic Flaw
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field...
CVE-2018-15700
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field...
CVE-2018-15701
CVE-2018-15701 affects TP-Link TL-WRN841N (firmware 0.9.1 4.16 v0348.0) where the web interface is vulnerable to a denial-of-service when an unauthenticated LAN user sends a crafted HTTP header with an unexpected Cookie field. The issue is triggered via the web management interface; the precise r...
CVE-2018-15700
The CVE-2018-15700 issue affects TP-Link TL-WRN841N running 0.9.1 4.16 v0348.0 where an unauthenticated LAN user can trigger a denial of service by sending a crafted HTTP header with an unexpected Referer field. Public documentation/connected sources describe the vulnerability in the device web i...
CVE-2018-15701
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field...
SQL injection
zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header...
CVE-2018-17136
zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header...
CVE-2018-17136
CVE-2018-17136 affects ZZCMS v8.3, with a SQL Injection in /user/check.php exploitable via the Client-Ip HTTP header. Root cause is improper handling of the header leading to SQL command injection. Exploitation details are not provided beyond the architectural description; CVSS metrics indicate a...
Monstra CMS HTTP Header Injection Vulnerability
Monstra CMS is a lightweight PHP-based content management system (CMS) developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable, and so on. An HTTP header injection vulnerability exists in the 'cfg' parameter of the...
Design/Logic Flaw
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943...
CVE-2018-16979
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943...
CVE-2018-16979
CVE-2018-16979 affects Monstra CMS 3.0.4. The Nuclei template and related descriptions confirm an HTTP header injection vulnerability in plugins/captcha/crypt/cryptographp.php cfg parameter, allowing an attacker to craft input that can redirect users to attacker-controlled domains, enable cache p...
CVE-2018-16832
CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header...