
3709 matches found

Hacker One
added 2017/02/05 9:32 p.m., 10 views

Ubiquiti Inc.: AirFibre products vulnerable to HTTP Header injection

The uri GET parameter of Login.cgi is used directly on login to generate HTTP headers without sanitisation. A user could be tricked into logging into the device and then redirected to a malicious location or attacked through other HTTP header injection attacks. Vulnerable code: if isset$uri &&...

AI score 0.1
Exploits 0

NVD
added 2017/01/23 9:59 p.m., 20 views

CVE-2016-6603

ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header...

CVSS 9.8, AI score 9.7, EPSS 0.86926
Exploits 6, References 8

OSV
added 2017/01/23 9:59 p.m., 11 views

CVE-2016-4793

The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...

CVSS 7.5, AI score 6.7
Exploits 0, References 5

UbuntuCve
added 2017/01/23 9:59 p.m., 19 views

CVE-2016-4793

The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...

CVSS 7.5, AI score 7.2, EPSS 0.05146
Exploits 2, References 4

Cvelist
added 2017/01/23 9:00 p.m., 16 views

CVE-2016-6484

CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf...

AI score 6.3, EPSS 0.01831
Exploits 1, References 4

Cvelist
added 2017/01/23 9:00 p.m., 23 views

CVE-2016-6603

ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header...

AI score 9.7, EPSS 0.86926
Exploits 6, References 8

CVE
added 2017/01/23 9:00 p.m., 60 views

CVE-2016-6603

CVE-2016-6603 affects ZOHO WebNMS Framework 5.2 and 5.2 SP1. The vulnerability allows remote attackers to bypass authentication and impersonate arbitrary users by sending a manipulated UserName HTTP header, enabling session hijacking via the GetChallengeServlet in WebNMS. Multiple connected sourc...

CVSS 9.8, AI score 9.6, EPSS 0.86926
Exploits 6, References 8, Affected Software 1

Debian CVE
added 2017/01/23 9:00 p.m., 22 views

CVE-2016-4793

The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...

CVSS 7.5, AI score 7.5, EPSS 0.05146
Exploits 2
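The CakePHP CLIENT-IP entry and the WebNMS UserName entry above are the same bug in two guises: a request header that any client can write is treated as a trustworthy statement about who or where the client is. The following is an added example, not code from CakePHP or WebNMS. The trusted-proxy range, the session store and the X-Authenticated-User header name are assumptions made for the demonstration; the vulnerable functions reproduce the pattern the entries describe, the hardened ones only honour a header when the TCP peer is a hop known to set it.

```python
# Added illustration of header-based IP and identity spoofing. Not code
# from CakePHP or WebNMS; the trusted-proxy ranges, session store and the
# X-Authenticated-User header name are assumptions for the demonstration.
from ipaddress import ip_address, ip_network
from typing import Iterable, Mapping, Optional


def _ci_get(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Header names are case-insensitive; look the value up accordingly."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def _peer_trusted(peer_ip: str, trusted: Iterable[str]) -> bool:
    """Is this address inside one of our proxy ranges?"""
    try:
        addr = ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in ip_network(n) for n in trusted)


def client_ip_vulnerable(headers: Mapping[str, str], peer_ip: str) -> str:
    """The spoofable pattern: a request header overrides the peer address
    no matter who sent the request."""
    for name in ("Client-IP", "X-Forwarded-For"):
        value = _ci_get(headers, name)
        if value:
            return value.split(",")[0].strip()
    return peer_ip


def client_ip_hardened(headers: Mapping[str, str], peer_ip: str,
                       trusted_proxies: Iterable[str]) -> str:
    """Consult X-Forwarded-For only when the peer is one of our proxies,
    walk it right to left past the hops our proxies appended, and take the
    first address that is not ours. Client-IP is ignored: nothing in the
    path sets it, so only an attacker would."""
    trusted = list(trusted_proxies)
    if not _peer_trusted(peer_ip, trusted):
        return peer_ip
    xff = _ci_get(headers, "X-Forwarded-For") or ""
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    while hops and _peer_trusted(hops[-1], trusted):
        hops.pop()
    if hops:
        try:
            return str(ip_address(hops[-1]))
        except ValueError:
            pass  # junk supplied from the client side; fall back to the proxy
    return peer_ip


# Constructed server-side session store: opaque token -> user.
SESSIONS = {"tok-7f3a9c": "alice"}


def current_user_vulnerable(headers: Mapping[str, str]) -> Optional[str]:
    """The pattern behind the UserName header bypass above: the request
    asserts its own identity and the server believes it."""
    return _ci_get(headers, "UserName")


def current_user_hardened(headers: Mapping[str, str], peer_ip: str,
                          trusted_auth_proxies: Iterable[str],
                          sessions: Mapping[str, str] = SESSIONS) -> Optional[str]:
    """Identity comes from a server-side session keyed by an opaque cookie.
    A header-asserted identity is honoured only when the peer is the
    authenticating proxy, which must also strip that header from clients."""
    for part in (_ci_get(headers, "Cookie") or "").split(";"):
        k, _, v = part.strip().partition("=")
        if k == "session" and v in sessions:
            return sessions[v]
    if _peer_trusted(peer_ip, trusted_auth_proxies):
        return _ci_get(headers, "X-Authenticated-User")
    return None


if __name__ == "__main__":
    spoof = {"Client-IP": "127.0.0.1", "UserName": "admin"}
    print(client_ip_vulnerable(spoof, "203.0.113.7"), current_user_vulnerable(spoof))
    print(client_ip_hardened(spoof, "203.0.113.7", ["10.0.0.0/8"]),
          current_user_hardened(spoof, "203.0.113.7", ["10.0.0.0/8"]))
```

The check that matters in both halves is the same: a header is evidence only when the TCP peer that delivered it is a hop you operate and that hop is configured to overwrite or drop the client's copy of that header.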
Debian
added 2016/12/24 6:16 p.m., 20 views

[SECURITY] [DLA 761-1] python-bottle security update

Package : python-bottle Version : 0.10.11-1+deb7u2 CVE ID : CVE-2016-9964 Debian Bug : 848392 It was discovered that bottle, a WSGI-framework for the Python programming language, did not properly filter "\r\n" sequences when handling redirections. This allowed an attacker to perform CRLF attacks...

CVSS 6.5, AI score 6.6, EPSS 0.01761
Exploits 0
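The DLA 761-1 entry above (and the DSA-3743-1 entries that follow for the same bottle issue), the Ubiquiti uri-parameter entry and the NetMRI contentType entry all describe one mistake: a request-controlled value reaches the response header block with its CR and LF bytes intact, so the client can end the Location header early and supply headers and a body of its own. The following is an added example, not code from bottle, Ubiquiti or Infoblox. The `uri` parameter name is borrowed from the Ubiquiti entry; the attacker query string and the minimal response parser are constructed for the demonstration.

```python
# Added illustration of HTTP response splitting via a redirect target.
# Not code from bottle, Ubiquiti or Infoblox; the `uri` parameter name is
# borrowed from the Ubiquiti entry above, the payload is constructed.
from urllib.parse import parse_qsl

CRLF = "\r\n"


class HeaderInjection(ValueError):
    """Raised when a header value carries CR, LF or NUL."""


def location_from_query(query: str, param: str = "uri") -> str:
    """Pull the redirect target out of a query string the way a login CGI
    might. parse_qsl percent-decodes, so %0d%0a arrives as a real CR LF."""
    return dict(parse_qsl(query, keep_blank_values=True)).get(param, "/")


def build_redirect_vulnerable(location: str) -> bytes:
    """Naive 302: the caller's value is concatenated straight into the
    header block, so an embedded CR LF terminates the Location header."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + location + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    ).encode("utf-8")


def safe_header_value(value: str) -> str:
    """Reject rather than strip: a stripped value silently changes meaning,
    a rejected one surfaces the bug."""
    if any(ch in value for ch in ("\r", "\n", "\x00")):
        raise HeaderInjection(repr(value))
    return value


def build_redirect_hardened(location: str) -> bytes:
    """Same 302, but every header value goes through safe_header_value."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + safe_header_value(location) + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    ).encode("utf-8")


def redirect_is_rejected(location: str) -> bool:
    """True if the hardened builder refuses this redirect target."""
    try:
        build_redirect_hardened(location)
    except HeaderInjection:
        return True
    return False


def parse_response(raw: bytes):
    """Minimal parse of what a browser or cache sees: the status line, a
    dict of headers, and the body that follows the first blank line."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("utf-8").split(CRLF)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


# Constructed attacker query string: CR LF, an injected Set-Cookie header,
# CR LF CR LF to end the header block, then an attacker-controlled body.
ATTACK_QUERY = (
    "uri=/home%0d%0aSet-Cookie:%20session%3Dattacker"
    "%0d%0a%0d%0a%3Chtml%3Ephish%3C/html%3E"
)

if __name__ == "__main__":
    loc = location_from_query(ATTACK_QUERY)
    status, headers, body = parse_response(build_redirect_vulnerable(loc))
    print(status, headers, body)
    print("hardened rejects payload:", redirect_is_rejected(loc))
```

Run against the constructed query, the vulnerable builder yields a response whose parsed headers contain the attacker's Set-Cookie and whose body starts with the attacker's HTML, while the server's own Content-Length line has been pushed into the body; the hardened builder raises before any byte is written. Checking the decoded value is what matters: a check on the raw percent-encoded parameter would pass `%0d%0a`.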
0day.today
added 2016/12/23 12:00 a.m., 60 views

ASP.NET Core 5-RC1 HTTP Header Injection Vulnerability

ASP.NET Core version 5-RC1 suffers from an HTTP header injection vulnerability. Product: ASP.NET Core Vendor: Microsoft https://www.microsoft.com CSNC ID: CSNC-2016-006 Subject: HTTP Header Injection Risk: Medium Effect: HTTP Header manipulation Author: Reto Schadler Date:...

AI score 7.4
Exploits 0

Packet Storm
added 2016/12/23 12:00 a.m., 61 views

ASP.NET Core 5-RC1 HTTP Header Injection

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: ASP.NET Core Vendor: Microsoft https://www.microsoft.com CSNC ID: CSNC-2016-006 Subject: HTTP Header Injection Risk: Medium Effect: HTTP Header manipulation Author: Reto Schadler Dat...

AI score 0.4
Exploits 0

Tenable Nessus
added 2016/12/21 12:00 a.m., 25 views

Debian DSA-3743-1 : python-bottle - security update

It was discovered that bottle, a WSGI framework for the Python programming language, did not properly filter '\r\n' sequences when handling redirections. This allowed an attacker to perform CRLF attacks such as HTTP header injection. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The...

CVSS 6.5, AI score 6.4, EPSS 0.01761
Exploits 0, References 4

Debian
added 2016/12/20 7:04 p.m., 22 views

[SECURITY] [DSA 3743-1] python-bottle security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3743-1 https://www.debian.org/security/ Sebastien Delafond December 20, 2016 https://www.debian.org/security/faq -...

CVSS 4.3, AI score 2.3, EPSS 0.01761
Exploits 0

Debian
added 2016/12/20 7:04 p.m., 24 views

[SECURITY] [DSA 3743-1] python-bottle security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3743-1 https://www.debian.org/security/ Sebastien Delafond December 20, 2016 https://www.debian.org/security/faq -...

CVSS 6.5, AI score 6.3, EPSS 0.01761
Exploits 0

OSV
added 2016/12/20 12:00 a.m., 10 views

DSA-3743-1 python-bottle - security update

Bulletin has no description...

CVSS 6.5, AI score 6.4, EPSS 0.01761
Exploits 0

OpenVAS
added 2016/12/19 12:00 a.m., 24 views

Debian: Security Advisory (DSA-3743-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5, AI score 6.5, EPSS 0.01761
Exploits 0, References 3

UbuntuCve
added 2016/12/15 10:59 p.m., 17 views

CVE-2015-3271

Apache Tika server aka tika-server in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header...

CVSS 5.3, AI score 6.2, EPSS 0.06522
Exploits 0, References 1

Debian CVE
added 2016/12/15 10:00 p.m., 18 views

CVE-2015-3271

Apache Tika server aka tika-server in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header...

CVSS 5.3, AI score 5.3, EPSS 0.06522
Exploits 0

Hacker One
added 2016/12/14 12:16 p.m., 20 views

LocalTapiola: Reflected XSS on sankarikoulutus (viestinta.lahitapiola.fi)

Basic report information Summary: Hi, the ctx parameter in http://viestinta.lahitapiola.fi/webApp/sankarikoulutus can be exploited to perform an XSS attack. Description: When a user clicks on a map area, the following POST request is generated: POST / HTTP/1.1 Host: viestinta.lahitapiola.fi...

AI score 0.2
Exploits 0

Veracode
added 2016/12/13 2:22 a.m., 8 views

Denial Of Service (DoS)

netty-codec-http is vulnerable to denial of service (DoS) attacks because it does not respect the limit on maximum HTTP header size: control characters are skipped indefinitely, so parsing never ends...

AI score 6.5
Exploits 0
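The netty entry above describes a size limit that an attacker can route around: bytes the parser discards are never charged against the limit, so a stream of nothing but control characters keeps the parser busy without ever tripping it. The following is an added example, not netty's code. The line reader, the 8192-byte limit and the attacker stream are constructed for the demonstration; the `count_skipped` flag switches between the flawed accounting the entry describes and accounting that counts every byte read.

```python
# Added illustration of a header-size limit that control bytes can bypass.
# Not netty's code; the parser, the limit and the attacker stream are
# constructed for the demonstration.
import itertools
from typing import Iterator, Optional, Tuple


class HeaderTooLarge(Exception):
    """Raised with the number of bytes consumed when the limit is hit."""


def _is_ctl(b: int) -> bool:
    """RFC 7230 control characters, except CR and LF which delimit lines."""
    return (b < 0x20 and b not in (0x0D, 0x0A)) or b == 0x7F


def read_header_line(stream: Iterator[int], max_size: int,
                     count_skipped: bool) -> Tuple[Optional[bytes], int]:
    """Read one header line up to LF.

    Returns (line without its CR LF, bytes consumed), or (None, bytes
    consumed) if the stream ends first. With count_skipped=False, control
    bytes are dropped without being charged against max_size, so a line
    made of control bytes has no upper bound on what the parser will read
    for it. With count_skipped=True every byte read counts toward the limit."""
    buf = bytearray()
    size = 0
    consumed = 0
    for b in stream:
        consumed += 1
        if _is_ctl(b) and not count_skipped:
            continue  # flawed accounting: skipped bytes are free
        size += 1
        if size > max_size:
            raise HeaderTooLarge(consumed)
        if _is_ctl(b):
            continue  # counted, but still not part of the line
        if b == 0x0A:
            return bytes(buf).rstrip(b"\r"), consumed
        buf.append(b)
    return None, consumed


def attack_stream(n: int) -> Iterator[int]:
    """Constructed attacker input: n bytes of 0x01 and never a newline."""
    return itertools.islice(itertools.repeat(0x01), n)


def run_vulnerable(n: int = 100_000, max_size: int = 8192) -> Tuple[Optional[bytes], int]:
    """Consumes the whole attacker stream and is still waiting for a line."""
    return read_header_line(attack_stream(n), max_size, count_skipped=False)


def run_hardened(n: int = 100_000, max_size: int = 8192) -> Optional[int]:
    """Returns how many bytes were read before the limit tripped, or None
    if the stream ended within the limit."""
    try:
        read_header_line(attack_stream(n), max_size, count_skipped=True)
    except HeaderTooLarge as exc:
        return exc.args[0]
    return None


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable())  # (None, 100000): read everything, never tripped
    print("hardened:", run_hardened())      # 8193: gave up after max_size + 1 bytes
```

The generator is finite only so the demonstration terminates; a real peer can keep sending, and the flawed reader will keep consuming. Bounding every byte read per header line (and, separately, the total header block) is what turns that into a fast rejection.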