5 matches found
HTTP Request Smuggling
Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to HTTP Request Smuggling via discrepancies in the parsing of HTTP header names. An attacker can bypass security controls and access unauthorized resources by sending...
EUVD-2026-1048
AIOHTTP's unicode processing of header values could cause parsing discrepancies...
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
Summary The navigateTo function attempts to blockthe javascript: protocol, but does not correctly use API's provided by unjs/ufo. This library also contains parsing discrepancies. Details The function first tests to see if the specified URL has a protocol. This uses the unjs/ufo package for URL...
Cisco IronPort C350 Header Injection
!/usr/bin/perl -w Cisco IronPort C350 Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liable for any...
Cisco Email Security Virtual Appliance C100V IronPort Header Injection
!/usr/bin/perl -w Cisco Email Security Virtual Appliance C100V IronPort Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todo...