
3710 matches found

BDU FSTEC
added 2018/02/01 12:00 a.m., 4 views

GetGo Download Manager: buffer overflow allows a malicious actor to execute arbitrary code

A buffer overflow in GetGo Download Manager allows a remote attacker to execute arbitrary code on NAS devices by returning a specially crafted line in the HTTP response header from the server...

CVSS 10, AI score 6.5, EPSS 0.19015
Exploits 9, References 4, Affected Software 1
NVD
added 2018/01/29 4:29 p.m., 21 views

CVE-2017-14190

A cross-site scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, and 5.2 and earlier allows an attacker to inject arbitrary web script or HTML via a maliciously crafted "Host" header in user HTTP requests...

CVSS 6.1, AI score 6, EPSS 0.01075
Exploits 0, References 3
Hacker One
added 2018/01/17 5:29 p.m., 22 views

Internet Bug Bounty: Inappropriately parsing HTTP response leads to PHP segmentation fault!

Description: A NULL pointer dereference in parsing an HTTP header. It is very easy to trigger this segmentation fault and may be vulnerable in some scenarios. Original bug report: https://bugs.php.net/bug.php?id=75535 Note: None. Impact: Segmentation fault...

AI score 6.9
Exploits 0
Veracode
added 2018/01/15 6:04 a.m., 42 views

Denial Of Service (DoS)

undertow-core is vulnerable to denial-of-service (DoS) attacks. The application does not check whether the HTTP header values it receives are null, allowing a malicious user to pass null header values that fill the heap and cause resource exhaustion...

CVSS 7.5, AI score 7.2, EPSS 0.03133
Exploits 0, References 14, Affected Software 131
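The GetGo, PHP and undertow-core entries above are three failure modes of one operation, reading a header block sent by a peer: an over-long header line overflowing a fixed buffer, a field with no value being dereferenced as NULL, and unbounded header data filling the heap. The Python block below is an added example, not code from any of those projects, of an HTTP/1.1 response-header parser that fails closed on each of them. The size limits, the function names and the sample response are assumptions constructed for illustration.

```python
import re

# Characters permitted in a header field-name (RFC 7230 "tchar").
_TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


class HeaderError(ValueError):
    """The header block violated a size or syntax limit."""


def parse_response_headers(raw, max_line=8192, max_fields=100, max_total=65536):
    """Parse the status line and header fields of an HTTP/1.1 response.

    raw is the bytes received so far, starting at the status line. Returns
    (status_line, fields) where fields is a list of (lowercased name, value)
    tuples; value is '' (never None) for a field written as 'X-Empty:'.

    Every limit is checked before the offending bytes are copied or decoded,
    so an oversized line, an endless header block or a flood of fields is
    rejected instead of buffered. The limits are assumed defaults, not
    values taken from any product listed on this page.
    """
    # Look for the CRLFCRLF terminator only inside the first max_total bytes;
    # a peer that never sends it cannot make us scan or store more than that.
    end = raw.find(b"\r\n\r\n", 0, max_total + 4)
    if end < 0:
        raise HeaderError("no header terminator within %d bytes" % max_total)

    lines = raw[:end].split(b"\r\n")
    status_line = lines[0].decode("latin-1")
    fields = []
    for line in lines[1:]:
        if len(line) > max_line:
            raise HeaderError("header line longer than %d bytes" % max_line)
        if len(fields) >= max_fields:
            raise HeaderError("more than %d header fields" % max_fields)
        if line[:1] in (b" ", b"\t"):
            # obs-fold continuation line: RFC 7230 3.2.4 lets a recipient
            # reject it outright, which is the simplest safe choice.
            raise HeaderError("obsolete line folding rejected")
        name, sep, value = line.partition(b":")
        if not sep:
            raise HeaderError("field without ':' separator: %r" % line[:40])
        if not _TOKEN.match(name):
            raise HeaderError("invalid field name %r" % name[:40])
        value = value.strip(b" \t")  # an absent value stays b'', never None
        # Any control character except HTAB is forbidden inside a field-value.
        if re.search(rb"[\x00-\x08\x0a-\x1f\x7f]", value):
            raise HeaderError("control character in value of %r" % name)
        fields.append((name.decode("ascii").lower(), value.decode("latin-1")))
    return status_line, fields


def is_rejected(raw, **limits):
    """True if parse_response_headers refuses raw under the given limits."""
    try:
        parse_response_headers(raw, **limits)
    except HeaderError:
        return True
    return False


# Constructed sample response (not captured from any real server).
SAMPLE = (b"HTTP/1.1 200 OK\r\n"
          b"Content-Type: text/html\r\n"
          b"X-Empty:\r\n"
          b"Content-Length: 5\r\n"
          b"\r\n"
          b"hello")

if __name__ == "__main__":
    print(parse_response_headers(SAMPLE))
    print(is_rejected(b"HTTP/1.1 200 OK\r\nX-Long: " + b"A" * 9000 + b"\r\n\r\n"))
```

The order of the checks is the point: the terminator search is bounded before anything is split, the per-line length is tested before the line is decoded, and the field count is tested before the field is appended, so no input can make the parser allocate more than the limits allow. A real client would read from the socket in chunks of at most max_total bytes and hand the accumulated buffer to this function.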
OSV
added 2017/12/22 2:29 p.m., 1 view

DEBIAN-CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via a specially crafted HTTP/2 header...

CVSS 7.5, AI score 6.8, EPSS 0.03636
Exploits 0, References 1
OSV
added 2017/12/21 6:18 p.m., 16 views

MGASA-2017-0460 Updated java-1.8.0-openjdk packages fix security vulnerabilities

Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions (CVE-2017-10285, CVE-2017-10346). It was discovered that the Kerberos client implementation in the Libraries...

CVSS 9.6, AI score 7.7, EPSS 0.16181
Exploits 2, References 4
Prion
added 2017/12/16 8:29 p.m., 11 views

Design/Logic Flaw

Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon...

CVSS 4.3, AI score 6, EPSS 0.01972
Exploits 2, References 3, Affected Software 1
Cvelist
added 2017/12/16 8:00 p.m., 20 views

CVE-2017-17713

Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the...

AI score 10, EPSS 0.01972
Exploits 1, References 5
Tenable Nessus
added 2017/12/15 12:00 a.m., 53 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.1.0 (RHSA-2017:3455)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3455 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Re...

CVSS 9.8, AI score 7.1, EPSS 0.37925
Exploits 7, References 38
RedHat Linux
added 2017/12/13 6:26 p.m., 1 view

eap: HTTP header injection / response splitting

It was reported that EAP 7 Application Server/Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value...

CVSS 6.1, AI score 6.6, EPSS 0.0256
Exploits 0, References 4
RedHat Linux
added 2017/12/13 5:57 p.m., 48 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.0 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

CVSS 9.8, AI score 7, EPSS 0.37925
Exploits 7, References 20
RedHat Linux
added 2017/12/13 5:31 p.m., 1 view

eap: HTTP header injection / response splitting

It was reported that EAP 7 Application Server/Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value...

CVSS 6.1, AI score 6.6, EPSS 0.0256
Exploits 0, References 4
seebug.org
added 2017/12/08 12:00 a.m., 33 views

OV3 Online Administration 3.0 Multiple Unauthenticated SQL Injection Vulnerabilities

Summary With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...

AI score 8
Exploits 0
Tenable Nessus
added 2017/11/27 12:00 a.m., 53 views

Debian DLA-1187-1 : openjdk-7 security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, unauthorized access, sandbox bypass or HTTP header injection. For Debian 7 'Wheezy', these problems have been fixed in versio...

CVSS 9.6, AI score 6.3, EPSS 0.16181
Exploits 2, References 16
Debian
added 2017/11/23 10:11 p.m., 41 views

[SECURITY] [DSA 4048-1] openjdk-7 security update

Debian Security Advisory DSA-4048-1, https://www.debian.org/security/, Moritz Muehlenhoff, November 23, 2017, https://www.debian.org/security/faq ...

CVSS 9.6, AI score 9.2, EPSS 0.16181
Exploits 2
Debian
added 2017/11/23 5:31 p.m., 52 views

[SECURITY] [DLA 1187-1] openjdk-7 security update

Package: openjdk-7. Version: 7u151-2.6.11-2deb7u2. CVE IDs: CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388. Several vulnerabilities hav...

CVSS 9.6, AI score 8.2, EPSS 0.16181
Exploits 2
OpenVAS
added 2017/11/22 12:00 a.m., 29 views

Debian: Security Advisory (DSA-4048-1)

The remote host is missing an update for the Debian ... (SPDX-FileCopyrightText: 2017 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only. Some text descriptions might be excerpted from referenced sources and are copyright of the respective right holders.)...

CVSS 9.6, AI score 7, EPSS 0.16181
Exploits 2, References 4
Metasploit
added 2017/11/21 7:53 p.m., 135 views

Python Meterpreter Shell, Reverse HTTPS Inline

Connect back to the attacker and spawn a Meterpreter shell. This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module source (truncated): module MetasploitModule; CachedSize = :dynamic; include Msf::Payload::Single; include Msf::Payload::Python; includ...

AI score 0.3
Exploits 0
Veracode
added 2017/11/20 12:42 a.m., 20 views

HTTP Header Injection

The CodeIgniter framework is vulnerable to HTTP header injection attacks. These attacks are possible through the set_status_header function...

CVSS 7.5, AI score 7.7, EPSS 0.00931
Exploits 0, References 2, Affected Software 2
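The two Red Hat EAP/Undertow entries above and this CodeIgniter entry describe the same bug class: a caller-controlled string reaches the status line or a header value without being checked for CR and LF, so the attacker can end the field, add fields of their own and, after a blank line, supply the body. The Python block below is an added example, not code from Undertow, JBoss EAP or CodeIgniter, that builds the response both ways so the split is visible on the wire; the function names and the redirect payload are constructed for illustration.

```python
import re

# CR, LF and NUL must never appear inside a status reason phrase or a header
# value: a CRLF there terminates the field and starts a new one.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


class HeaderInjection(ValueError):
    """A value destined for the response head contained a line break."""


def unsafe_response(reason, location):
    """Vulnerable: caller-controlled strings are written straight into the
    status line and the Location header, the pattern the advisories describe."""
    return ("HTTP/1.1 302 " + reason + "\r\n"
            + "Location: " + location + "\r\n"
            + "\r\n")


def header_safe(value):
    """Reject a value that would break out of its header field.

    The check runs on the decoded string that is actually written: a %0d%0a
    in a URL parameter has already become a real CRLF by this point.
    """
    if _FORBIDDEN.search(value):
        raise HeaderInjection("CR, LF or NUL in header value: %r" % value)
    return value


def safe_response(reason, location):
    """Hardened: same layout, every interpolated string validated first."""
    return unsafe_response(header_safe(reason), header_safe(location))


def split_response(raw):
    """Show what a client sees: (status line, header fields, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    return lines[0], lines[1:], body


def is_rejected(reason, location):
    """True if safe_response refuses to emit the head."""
    try:
        safe_response(reason, location)
    except HeaderInjection:
        return True
    return False


# Constructed attacker-controlled redirect target: it closes the Location
# field, adds a Set-Cookie field, ends the head and supplies its own body.
PAYLOAD = "/home\r\nSet-Cookie: session=attacker\r\n\r\n<html>phished</html>"

if __name__ == "__main__":
    status, fields, body = split_response(unsafe_response("Found", PAYLOAD))
    print(fields)   # the injected Set-Cookie shows up as a real header field
    print(body)     # the attacker's body precedes whatever the app meant to send
    print(is_rejected("Found", PAYLOAD))
```

Rejecting is the right response rather than silently stripping CR and LF: stripping hides the attack attempt from logs and tempts callers to keep passing untrusted data into headers. Python's own http.client applies the same rule and raises ValueError for a header value containing CR or LF.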
Hacker One
added 2017/11/17 7:18 p.m., 36 views

Hacker Target: Sending Emails from DNSDumpster - Server-Side Request Forgery to Internal SMTP Access

Summary: HackerTarget is a service that provides access to online vulnerability scanners and tools used by many security professionals and "makes securing your systems easier". They also are the creators of DNSDumpster, which is a popular service used for recon. Description: ...

AI score 0.1
Exploits 0