CVE-2026-8368

A flaw was found in LWP::UserAgent, a component of perl-libwww-perl. This vulnerability allows a remote attacker to obtain a user's credentials by redirecting a request to an attacker-controlled host. When processing a redirect, the LWP::UserAgent fails to properly strip Authorization and...

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

...

SUSE CVE-2026-8368

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

CVE-2026-8368

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

i-Gallery 3.4 Database Disclosure

==================================================================================================================================== | Title : i-Gallery v3.4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...

ExcessWeb And Network CMS 4.0 Database Disclosure

==================================================================================================================================== | Title : ExcessWeb & Network CMS v4.0 Database Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...

Data Driven CMS 0.4.1 Database Disclosure

==================================================================================================================================== | Title : Data Driven CMS v0.4.1 database disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

Blackboard 2.0.2 Database Disclosure

==================================================================================================================================== | Title : blackboard v 2.0.2 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | ...

Banner RotatorCMS 1.0 Database Disclosure

==================================================================================================================================== | Title : Banner RotatorCMS v1.0 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bi...

A Cart 1.0 Database Disclosure

==================================================================================================================================== | Title : A cart 1.0 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | | Vendor...

WordPress Slider Revolution 4.6.5 Shell Upload

==================================================================================================================================== | Title : WordPress - Slider Revolution 4.6.5 WordPress - Slider Revolution 4.6.5 shell upload 0-day exploit | | Author : indoushka | | Tested on : windows 10...

ZynOS rom-0 Flaw Scanner

!/usr/bin/perl ZynOS rom-0 Flaw Scanner Copyright 2021 c Todor Donev https://donev.eu/ $ perl zynosscanner ZynOS rom-0 Flaw Scanner zynosscanner --targets= --threads=10 --redirects=7 --help --targets | Specify the list with addresses that you want to scan. --dump | Dump rom-0 file for each target...

Garfield Petshop 2020-10-01 Cross Site Request Forgery

!/usr/bin/perl Garfield Petshop Add-Admin Exploit By Ramdan Yantu rysec.io \ bastardlabs.info From Gorontalo - Indonesia Mail: ramdanyantuatgmail.com Application by Gamma Advertisa Link: https://detapos.co/ | https://demo.detapos.co.id/petshop CVE: CVE-2020-26522 use strict; use warnings; use...

ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure

ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Title: ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: www.escam.cn Product Link: http://www.escam.cn/search/?class1=&class2=&class3=&searchtype=0&searchword=qd-900&lang=en CVE...

DBPower C300 HD Camera Remote Configuration Disclosure

!/usr/bin/perl DBPower C300 HD Camera Remote Configuration Disclosure Copyright 2020 c Todor Donev https://donev.eu/ https://donev.eu/blog/dbpower-c300-multiple-vulnerabilities Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual...

Zabbix 4.4 Authentication Bypass

!/usr/bin/perl -w Zabbix Zabbix Initializing the browser Referer = User-Agent = Opera/9.61 Macintosh; Intel Mac OS X; U; de Presto/2.1.1 Content-Type = application/x-www-form-urlencoded no-store, no-cache, must-revalidate close Mon, 07 Oct 2019 12:29:54 GMT no-cache nginx Accept-Encoding text/htm...

WordPress 5.2.3 Remote Cross Site Host Modification

!/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something like phpMyAdmin; o This attack can deface the...

Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection

!/usr/bin/perl -w Cisco Titsco Email Security Appliance IronPort C160 Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev i...

Joomla AMGallery 1.2.3 Component - filter_category_id SQL Injection Exploit

Exploit for php platform in category web applications Exploit Title: Joomla! Component AMGallery 1.2.3 - 'filtercategoryid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://arenam.ru/ Software Link:...