
3710 matches found

Packet Storm
added 2018/06/05 12:00 a.m., 48 views

Microsoft Open Redirect

Exploit Title: Open Redirect at Microsoft Date: 28.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.microsoft.com/ Software : Microsoft Service Website Software Version : 1.0.0 Vulnerability : Open Redirect CWE : CWE-601: URL Redirection to Untrusted Site 'Open Redirect'...

AI score: 7.4
Exploits: 0
Debian
added 2018/05/30 1:24 p.m., 69 views

[SECURITY] [DLA 1389-1] apache2 security update

Package : apache2 Version : 2.2.22-13+deb7u13 CVE ID : CVE-2017-15710 CVE-2018-1301 CVE-2018-1312 Debian Bug : Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.18197
Exploits: 0
Veracode
added 2018/05/25 3:57 a.m., 8 views

HTTP Header Injection

excon is vulnerable to HTTP Header Injection through header splitting. The vulnerability exists as special newline characters such as \r\n could be used to split the HTTP header, allowing HTTP Header Injection attacks...

AI score: 7
Exploits: 0
Tenable Nessus
added 2018/05/23 12:00 a.m., 39 views

Fedora 26 : webkitgtk4 (2018-6a9fea1b3a)

This update addresses the following vulnerabilities : - CVE-2018-4200 Additional fixes : - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. - Properly close the connection to the nested wayland compositor in the Web Process. - Avoid paintin...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.0873
Exploits: 4 | References: 2
Prion
added 2018/05/21 5:29 p.m., 32 views

Input validation

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input ...

CVSS: 5.8 | AI score: 7.5 | EPSS: 0.0256
Exploits: 0 | References: 7 | Affected Software: 3
OSV
added 2018/05/21 5:29 p.m., 2 views

UBUNTU-CVE-2018-1067

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input ...

CVSS: 6.1 | AI score: 6.7 | EPSS: 0.01756
Exploits: 0 | References: 3
Cvelist
added 2018/05/21 5:00 p.m., 38 views

CVE-2018-1067

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input ...

CVSS: 5.4 | AI score: 7.6 | EPSS: 0.01756
Exploits: 0 | References: 7
Hacker One
added 2018/05/19 10:54 p.m., 24 views

Passit: X-Content-Type-Options has not been set at app.passit.io

Hi The Http Header X-Content-Type-Options is missing. Impact Your website http://app.passit.io/ doesn't have a header setting for X-Content-Type-Options which means it is vulnerable to MIME sniffing. The only defined value, 'nosniff', prevents Internet Explorer and Google Chrome from MIME-sniffi...

AI score: 0.1
Exploits: 0
Hacker One
added 2018/05/16 9:42 a.m., 12 views

Passit: `X-XSS-Protection` header has not been set at app.passit.io

Hi X-Xss-Protection at app.passit.io has not been set. Impact This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari Webkit. Valid settings for the header are 0, which disables the protection, 1 which enables the protection and 1;...

AI score: 0.4
Exploits: 0
Debian
added 2018/05/08 10:29 a.m., 21 views

[SECURITY] [DSA 4195-1] wget security update

Debian Security Advisory DSA-4195-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 08, 2018 https://www.debian.org/security/faq -...

CVSS: 6.5 | AI score: 7 | EPSS: 0.17249
Exploits: 5
Metasploit
added 2018/05/07 1:25 p.m., 56 views

PlaySMS import.php Authenticated CSV File Upload Code Execution

This module exploits an authenticated file upload remote code execution vulnerability in PlaySMS Version 1.4. This issue is caused by improper file contents handling in import.php aka the Phonebook import feature. Authenticated Users can upload a CSV file containing a malicious payload via vectors...

AI score: 10
Exploits: 0
OSV
added 2018/05/07 12:56 p.m., 18 views

SUSE-SU-2018:1161-1 Security update for apache2

This update for apache2 fixes the following issues: CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a 'Session' header leading to unexpected behavior (bsc#1086814)...

CVSS: 9.8 | AI score: 7 | EPSS: 0.86006
Exploits: 0 | References: 14
OpenVAS
added 2018/05/07 12:00 a.m., 41 views

Debian: Security Advisory (DSA-4195-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.5 | AI score: 7 | EPSS: 0.17249
Exploits: 5 | References: 4
Tenable Nessus
added 2018/04/27 12:00 a.m., 56 views

RHEL 7 : JBoss Enterprise Application Platform 7.1.2 for RHEL 7 (Important) (RHSA-2018:1247)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1247 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.15488
Exploits: 0 | References: 10
Tenable Nessus
added 2018/04/27 12:00 a.m., 44 views

RHEL 6 / 7 : jboss-ec2-eap package for EAP 7.1.2 (Important) (RHSA-2018:1249)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1249 advisory. The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services AWS...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.15488
Exploits: 0 | References: 10
Tenable Nessus
added 2018/04/27 12:00 a.m., 40 views

RHEL 6 : JBoss Enterprise Application Platform 7.1.2 on RHEL 6 (Important) (RHSA-2018:1248)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1248 advisory. - undertow: Path traversal in ServletResourceManager class CVE-2018-1047 - undertow: HTTP header injection using CRLF with UTF-8 Encoding...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.15488
Exploits: 0 | References: 10
Exploit DB
added 2018/04/26 12:00 a.m., 39 views

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot

Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender | Unauthorized Remote Reboot Date: 25/04/2018 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Firmware Link: https://www.tp-link.com/en/download/TL-WA850RE.html Category: dos 1. www.shodan.io with title...

AI score: 7
Exploits: 0
RedHat Linux
added 2018/04/25 7:43 p.m., 141 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.2 security update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.1.2, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.15488
Exploits: 0 | References: 6
RedHat Linux
added 2018/04/25 6:33 p.m., 81 views

Important: Red Hat Security Advisory: jboss-ec2-eap package for EAP 7.1.2

An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.1.2 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.1.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impa...

CVSS: 9.8 | AI score: 7 | EPSS: 0.15488
Exploits: 0 | References: 6
RedHat Linux
added 2018/04/25 6:21 p.m., 92 views

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 7.1.2 for RHEL 7

Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.1.2 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.15488
Exploits: 0 | References: 6