5908 matches found
Flexense HTTP Server Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flexense HTTP Server Denial Of Service', 'Description' = %q This module triggers a Denial of Service vulnerability in the Flexense HTTP server...
Squid Proxy Range Header Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Squid Proxy Range Header DoS', 'Description' = %q The range handler in The Squid Caching Proxy Server 3.0-4.1.4 and 5.0.1-5.0.5 suffers from...
GHSA-5X5Q-CQF6-GJ8R Serilog Client IP Spoofing vulnerability
Serilog before v2.1.0 contains a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses in log files by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. It is not possible to configure...
Serilog Client IP Spoofing vulnerability
Serilog before v2.1.0 contains a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses in log files by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. It is not possible to configure...
CVE-2024-44930
Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...
CVE-2024-44930
Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...
CVE-2024-44930
Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...
CVE-2024-44930
Summary of CVE-2024-44930 : Serilog (Serilog.Enrichers.ClientInfo) before v2.1.0 is affected by a Client IP Spoofing vulnerability. Attackers can falsify the client IP by supplying an arbitrary IP in the X-Forwarded-For or Client-Ip headers during HTTP requests. Affected component/functionality i...
CVE-2024-34198
TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlanssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long...
CVE-2024-34198
The CVE-2024-34198 case covers TOTOLINK AC1200 Wireless Router A3002RU (V2.1.1-B20230720.1011). A vulnerability in the boa-based formWlEncrypt CGI handler fails to bound the wlan_ssid input, enabling a crafted HTTP request with an excessively long wlan_ssid to trigger a stack overflow. Documented...
GHSA-CJ55-GC7M-WVCQ req may send an unintended request when a malformed URL is provided
The req library is a widely used HTTP library in Go. However, it does not handle malformed URLs effectively. As a result, after parsing a malformed URL, the library may send HTTP requests to unexpected destinations, potentially leading to security vulnerabilities or unintended behavior in...
OESA-2024-2052 python-twisted security update
Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1...
PT-2024-9470 · Veeam · Veeam Service Provider Console
Name of the Vulnerable Software and Affected Versions: Veeam Service Provider Console versions prior to 8.1.0.21377 Description: A vulnerability in Veeam Service Provider Console has been identified, which allows an attacker to perform arbitrary HTTP requests to arbitrary hosts of the network and...
CVE-2024-35538
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...
CVE-2024-35538
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...
CVE-2024-35538
Summary (CVE-2024-35538) : Typecho v1.3.0 contains a Client IP Spoofing vulnerability. An attacker can falsify their IP address by supplying an arbitrary value in the X-Forwarded-For or Client-Ip HTTP headers during requests. Affected version: Typecho 1.3.0 (and earlier per sources). The vulnerab...
CVE-2024-35538
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...
Tenda FH1201 Command Execution Vulnerability
The Tenda FH1201 is a wireless router from Tenda China. The Tenda FH1201 suffers from a command execution vulnerability that stems from a problem with the handler function in /goform/telnet, which can be exploited by an attacker to execute arbitrary commands via specially crafted HTTP requests...
CVE-2024-42353
WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the...
CVE-2024-42353 WebOb's location header normalization during redirect leads to open redirect
WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the...