JVC XSS / CSRF / Header Injection / Weak Credentials
www.orwelllabs.com security advisory olsa-2016-04-01. Advisory Information: Title: JVC Multiple Products Multiple Vulnerabilities; Vendor: JVC Professional Video; Research and Advisory: Orwelllabs; Advisory URL:...
JVC HDRs Net (Multiple Cameras) - Multiple Vulnerabilities
JVC HDRs Net Multiple Cameras - Multiple Vulnerabilities. www.orwelllabs.com security advisory olsa-2016-04-01. Advisory Information: Title: JVC Multiple Products Multiple Vulnerabilities; Vendor: JVC Professional Video;...
JVC HDRs / Net (Multiple Cameras) - Multiple Vulnerabilities
www.orwelllabs.com security advisory olsa-2016-04-01. Advisory Information: Title: JVC Multiple Products Multiple Vulnerabilities; Vendor: JVC Professional Video; Research and Advisory: Orwelllabs; Advisory URL:...
JVC HDRs and Net Cameras - Multiple Vulnerabilities
Exploit for hardware platform in category web applications. Advisory Information: Title: JVC Multiple Products Multiple Vulnerabilities; Vendor: JVC Professional Video; Research and Advisory: Orwelllabs; Advisory URL:...
Sucuri: CRLF/HTTP header injection www.sucuri.net
I would like to report a security vulnerability on www.sucuri.net. The domain appears to be vulnerable to CRLF or HTTP header injection. This allows attackers to construct a URL that injects HTTP headers in the server's response. One of the things an attacker can do is inject a "Set-Cookie"...
CVE-2016-0902
CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
LiteSpeed Web Server HTTP Header Injection Vulnerability
LiteSpeed Web Server is a software for the Mac operating system. LiteSpeed Web Server suffers from an HTTP header injection vulnerability that allows attackers to exploit the vulnerability for injection attacks...
OpenWGA Content Manager XSS Vulnerability
OpenWGA Content Manager is prone to a cross-site scripting (XSS) vulnerability.
Palo Alto PAN-OS HTTP Header Evasion Vulnerability (PAN-SA-2016-0006)
An evasion was identified whereby a user could specially craft an HTTP header to evade URL filtering on Palo Alto Networks firewalls.
DEBIAN-CVE-2015-8852
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP...
CVE-2015-8852
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP...
HTTP Header Evasion
An evasion was identified whereby a user could specially craft an HTTP header to evade URL filtering on Palo Alto Networks firewalls. Ref 93838...
CVE-2016-3686
The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect...
OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS Vulnerability
Summary: OpenWGA is an advanced open source Java-based enterprise CMS platform featuring real WYSIWYG, a state of the art CMS IDE and more. Description: OpenWGA suffers from a cross-site scripting vulnerability when input passed via the User-Agent HTTP header is not properly sanitized before being...
DEBIAN-CVE-2016-2216
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as...
CVE-2016-2216
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as...
Design/Logic Flaw
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as...
CVE-2016-2216
CVE-2016-2216 affects Node.js HTTP header parsing in several branches (0.10.x, 0.11.x, 0.12.x, 4.x, 5.x). Root cause: header parsing inadequately validates UTF-8/Unicode characters, enabling HTTP response-splitting protection bypass. Demonstrated by crafted encoded input like %c4%8d%c4%8a. Impact...