
42 matches found

Cvelist
added 2025/12/22 2:2 a.m., 28 views

CVE-2025-15008 Tenda WH450 HTTP Request L7Port stack-based overflow

A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now publ...

CVSS 7.5 | EPSS 0.0046
Exploits: 1 | References: 6
EUVD
added 2025/10/07 12:30 a.m., 12 views

EUVD-2018-6562

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.00716
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-38697

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension...

CVSS 5.8 | AI score 6.1 | EPSS 0.00637
Exploits: 0 | References: 3
CNNVD
added 2025/08/14 12:0 a.m., 3 views

Rockwell Automation FLEX 5000 Security Vulnerability

Rockwell Automation FLEX 5000 is a high-speed counter module from Rockwell Automation. A resource management error vulnerability exists in the Rockwell Automation FLEX 5000 that stems from incorrect processing of a CIP Class 32 request causing the module to enter a fault state. No details of the...

CVSS 8.7 | AI score 6.8 | EPSS 0.003
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 7:33 a.m., 13 views

CVE-2018-14668

In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...

CVSS 8.8 | AI score 6.9 | EPSS 0.00716
Exploits: 0 | References: 1
BDU FSTEC
added 2025/04/23 12:0 a.m., 7 views

The vulnerability of server software like HAProxy, related to deficiencies in HTTP request processing, allows attackers to circumvent security restrictions and send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of server-side software like HAProxy is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and send hidden HTTP requests, a type of HTTP Request Smuggling attack...

CVSS 5.3 | AI score 5.8 | EPSS 0.01043
Exploits: 0 | References: 9 | Affected Software: 2
CNNVD
added 2025/04/21 12:0 a.m., 4 views

WebServer Injection Vulnerability

WebServer is a C++ Linux WebServer server by MARK Individual Developers. An injection vulnerability exists in WebServer version 1.0, which originates from SQL injection due to manipulation of username/password parameters by the Login component in the file code/http/httprequest.cpp...

CVSS 9.8 | AI score 7.7 | EPSS 0.00419
Exploits: 0 | References: 4
Tenable Nessus
added 2025/02/24 12:0 a.m., 8 views

ClickHouse < 1.1.54388

The version of ClickHouse installed on the remote host is prior to 1.1.54388. It is, therefore, affected by a Cross Protocol Request Forgery vulnerability. In ClickHouse before 1.1.54388, remote table function allowed arbitrary symbols in user, password and defaultdatabase fields which led to Cro...

CVSS 8.8 | AI score 7.9 | EPSS 0.00716
Exploits: 0 | References: 2
Prion
added 2022/12/18 11:15 a.m., 19 views

Design/Logic Flaw

A vulnerability was found in kapetan dns up to 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file DNS/Protocol/Request.cs. The manipulation leads to insufficient entropy in prng. The attack may be launched remotely. Upgrading to version 7.0.0...

CVSS 7.5 | AI score 9.4 | EPSS 0.0075
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2022/12/16 9:15 p.m., 6 views

CVE-2022-3157

A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS)...

CVSS 7.5 | AI score 5.8 | EPSS 0.0143
Exploits: 0 | References: 1
BDU FSTEC
added 2022/04/27 12:0 a.m., 3 views

The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, arises due to the failure to take measures to eliminate special elements used in the operating system’s command set. This vulnerability allows a perpetrator to execute arbitrary code.

The vulnerability of Fortinet FortiWLM’s WLAN access point and LAN switch management systems exists due to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a...

CVSS 9 | AI score 8.1 | EPSS 0.01895
Exploits: 0 | References: 4 | Affected Software: 1
RedHat Linux
added 2020/01/21 3:47 a.m., 6 views

netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...

CVSS 7.5 | AI score 7.1 | EPSS 0.08415
Exploits: 1 | References: 4
NVD
added 2019/08/15 6:15 p.m., 29 views

CVE-2018-14668

In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...

CVSS 8.8 | AI score 8.8 | EPSS 0.00716
Exploits: 0 | References: 1
OSV
added 2019/08/15 6:15 p.m., 27 views

CVE-2018-14668

In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...

CVSS 8.8 | AI score 7
Exploits: 0 | References: 1
UbuntuCve
added 2019/08/15 6:15 p.m., 25 views

CVE-2018-14668

In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...

CVSS 8.8 | AI score 7.2 | EPSS 0.00716
Exploits: 0 | References: 2
Prion
added 2019/08/15 6:15 p.m., 16 views

Server side request forgery (ssrf)

In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...

CVSS 6.8 | AI score 8.7 | EPSS 0.00716
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2019/08/15 5:31 p.m., 105 views

CVE-2018-14668

CVE-2018-14668 affects ClickHouse versions before 1.1.54388. The vulnerability arises from the remote table function allowing arbitrary symbols in the fields “user”, “password”, and “default_database,” enabling Cross Protocol Request Forgery Attacks. The available connected documents confirm the ...

CVSS 8.8 | AI score 8.7 | EPSS 0.00716
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2019/08/15 5:31 p.m., 41 views

CVE-2018-14668

In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...

AI score 8.7 | EPSS 0.00716
Exploits: 0 | References: 1
Positive Technologies
added 2019/08/15 12:0 a.m., 6 views

PT-2019-9039 · Yandex · Clickhouse

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 1.1.54388 Description: The issue allows for Cross Protocol Request Forgery Attacks due to the "remote" table function permitting arbitrary symbols in the user, password, and default database fields. Recommendation...

CVSS 8.8 | AI score 8.7 | EPSS 0.00716
Exploits: 0 | References: 8
Packet Storm
added 2019/03/04 12:0 a.m., 37 views

Kache Cross Protocol Request Forgery

Title: Kache / CPRF Date: 03/01/2019 Discovered by: @codexlynx Software Version: var x = new XMLHttpRequest; x.open"POST", "http://:"; x.send"set mykey myvalue\n"; - POC 2: Exploit this CPRF for set a key via SSRF + CRLF Injection: https:///ssrf.php?urltopost=http://:/%0D%0Aset%20mykey%20myvalue...

AI score 0.8
Exploits: 0