Lucene search

72 matches found

RedhatCVE
added 2020/04/07 4:54 p.m., 33 views

CVE-2016-5386

An input-validation flaw was discovered in the Go programming language built-in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by numerous web clients, including Go's net/http package,...

8.1 CVSS, 0.9 AI score, 0.45904 EPSS
Exploits: 0, References: 1

OSV
added 2020/03/30 10:15 p.m., 9 views

CVE-2020-7611

All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client...

9.8 CVSS, 9.7 AI score
Exploits: 0, References: 3

NVD
added 2020/03/30 10:15 p.m., 9 views

CVE-2020-7611

All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client...

9.8 CVSS, 9.7 AI score, 0.005 EPSS
Exploits: 1, References: 3

Prion
added 2020/03/30 10:15 p.m., 21 views

Design/Logic Flaw

All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client...

7.5 CVSS, 9.7 AI score, 0.005 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2020/03/30 9:53 p.m., 105 views

CVE-2020-7611

CVE-2020-7611 affects io.micronaut:micronaut-http-client. Vulnerable versions: all before 1.2.11 and 1.3.0–1.3.1/2 (i.e., 1.3.1) are susceptible to HTTP Request Header Injection caused by not validating headers passed to the client. The issue can enable manipulation of request headers and, per ad...

9.8 CVSS, 9.6 AI score, 0.005 EPSS
Exploits: 1, References: 3, Affected Software: 1

Github Security Blog
added 2020/03/30 8:54 p.m., 74 views

Micronaut's HTTP client is vulnerable to HTTP Request Header Injection

Vulnerability Micronaut's HTTP client is vulnerable to "HTTP Request Header Injection" due to not validating request headers passed to the client. Example of vulnerable code: java @Controller"/hello" public class HelloController @Inject @Client"/" RxHttpClient client; @Get"/external-exploit"...

9.8 CVSS, 9.5 AI score, 0.005 EPSS
Exploits: 1, References: 7, Affected Software: 1

CVE
added 2020/03/04 6:40 p.m., 92 views

CVE-2020-3164

Summary: CVE-2020-3164 is a GUI Denial of Service vulnerability in Cisco AsyncOS web interfaces for the Cisco Email Security Appliance (ESA), Web Security Appliance (WSA), and Content Security Management Appliance (SMA). It stems from improper validation of specific HTTP request headers, allowing...

5.3 CVSS, 5.3 AI score, 0.00813 EPSS
Exploits: 0, References: 1, Affected Software: 4

OpenVAS
added 2020/01/23 12:0 a.m., 33 views

Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2019-2445)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS, 7.3 AI score, 0.54551 EPSS
Exploits: 2, References: 2

Ubuntu
added 2019/12/04 5:28 p.m., 113 views

USN-4213-1: Squid vulnerabilities

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. CVE-2019-12523 Jeriko One...

9.8 CVSS, 6.8 AI score, 0.44133 EPSS
Exploits: 0

NVD
added 2019/03/21 4:0 p.m., 14 views

CVE-2018-19510

subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header...

9.8 CVSS, 9.8 AI score, 0.00717 EPSS
Exploits: 2, References: 2

CVE
added 2019/03/17 9:53 p.m., 42 views

CVE-2018-19510

Webgalamb is affected by CVE-2018-19510 where subscriber.php (Webgalamb up to version 7.0) is vulnerable to SQL injection via the Client-IP HTTP header. The issue originates from insufficient validation of externally supplied SQL statements in the database layer, enabling an attacker to influence...

9.8 CVSS, 9.7 AI score, 0.00717 EPSS
Exploits: 2, References: 2, Affected Software: 1

OSV
added 2018/12/19 2:29 p.m., 27 views

CVE-2018-17193

The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a pri...

6.1 CVSS, 6 AI score, 0.0159 EPSS
Exploits: 0, References: 1

OSV
added 2018/10/18 12:42 p.m., 16 views

SUSE-SU-2018:1161-2 Security update for apache2

This update for apache2 fixes the following issues: CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a 'Session' header leading to unexpected behavior (bsc#1086814)...

9.8 CVSS, 7 AI score, 0.93618 EPSS
Exploits: 0, References: 14

Packet Storm
added 2018/09/29 12:0 a.m., 77 views

ManageEngine AssetExplorer 6.2.0 Cross Site Scripting

Exploit Title: ManageEngine AssetExplorer 6.2.0 - Stored XSS Date: 2018-09-26 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/asset-explorer/ Software : ZOHO Corp ManageEngine AssetExplorer 6.2.0 Product Version:...

6.4 AI score, 0.01964 EPSS
Exploits: 2

0day.today
added 2018/09/20 12:0 a.m., 27 views

LimeSurvey 3.14.7 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: LimeSurvey 3.14.7 - HTML Injection and Stored XSS Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.limesurvey.org/ Software Link : https://github.com/LimeSurvey/LimeSurvey Software : LimeSurvey 3.14.7 Product Version...

0.1 AI score, 0.00211 EPSS
Exploits: 2

0day.today
added 2018/09/20 12:0 a.m., 43 views

ManageEngine Desktop Central 10.0.271 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: ManageEngine Desktop Central 10 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/desktop-central/ Software : ZOHO Corp...

0.2 AI score, 0.02674 EPSS
Exploits: 6

0day.today
added 2018/09/20 12:0 a.m., 37 views

ManageEngine SupportCenter Plus 8.1.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: ManageEngine SupportCenter Plus 8.1.0 - HTML Injection and Stored XSS Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/support-center/ Software ...

0.0133 EPSS
Exploits: 2

exploitpack
added 2018/08/26 12:0 a.m., 27 views

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Softwa...

6.8 AI score
Exploits: 0

Prion
added 2018/08/03 5:29 p.m., 19 views

Design/Logic Flaw

An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a legacy IIS header that lets users override the path in the request URL via the...

4 CVSS, 6.5 AI score, 0.16652 EPSS
Exploits: 0, References: 8, Affected Software: 3

UbuntuCve
added 2018/08/03 5:29 p.m., 30 views

CVE-2018-14773

An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a legacy IIS header that lets users override the path in the request URL via the...

6.5 CVSS, 7 AI score, 0.16652 EPSS
Exploits: 0, References: 2