CVE-2019-11250

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...

LibreNMS 1.46 - addhost Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.0...

Blue Angel Software Suite - Command Execution

Blue Angel Software Suite - Command Execution Exploit Title: Blue Angel Software Suite - Authenticated Command Execution Google Dork: N/A Date: 02/05/2019 Exploit Author: Paolo Serracino Vendor Homepage: http://www.5vtechnologies.com Software Link: N/A Version: All Tested on: Embedded Linux OS CV...

Denial Of Service (DoS)

Apache httpd is vulnerable to denial of serviceDoS attacks. A remote user could send a specially crafted sequence of request headers to trigger a buffer overread error in apfindtoken and cause a segmentation fault which leads application to a crash...

IBM WebSphere Application Server Denial of Service Vulnerability (CNVD-2019-12165)

IBM WebSphere Application Server WAS is an application server product from IBM in the United States. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A denial of service vulnerability exists in IBM WAS, which originat...

Design/Logic Flaw

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242...

PT-2019-16860 · Ibm · Ibm Websphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 7.0 through 9.0 Description: The issue is caused by improper handling of request headers, allowing a remote attacker to exploit it and cause memory consumption, leading to a denial of service...

CVE-2018-11783

sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 t...

CVE-2018-11783

sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 t...

Cross site request forgery (csrf)

sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 t...

CVE-2018-11783

CVE-2018-11783 affects the Apache Traffic Server sslheaders plugin. The plugin “extracts information from the client certificate and sets headers in the request based on the configuration,” and in some scenarios does not strip those headers from the request. This creates information exposure as h...

CVE-2018-11783

sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 t...

CVE-2018-17244

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; wh...

CVE-2018-17244

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; wh...

IBM Event Streams Privilege Acquisition Vulnerability

IBM Event Streams is a set of event streaming platform based on Apache Kafka project from IBM, USA. The platform is mainly used for Apache Kafka deployment, authentication and encrypted communication and other functions. A security vulnerability exists in IBM Event Streams. A remote attacker can...

UBUNTU-CVE-2017-12165

It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling...

Boerse.de Cross SIte Scripting

Exploit Title: Reflected XSS at Boerse DE Date: 22.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.boerse.de Software Link: Website Version: 1.0.0 Tested on: Google Chrome / Mozilla FireFox Reflected XSS Payload : " " " PoC : General : Request URL:...

FreeBSD : apache -- multiple vulnerabilities (f38187e7-2f6e-11e8-8f07-b499baebfeaf)

The Apache httpd reports : Out of bound write in modauthnzldap with AuthLDAPCharsetConfig enabled CVE-2017-15710 modsession: CGI-like applications that intend to read from modsession's 'SessionEnv ON' could be fooled into reading user-supplied data instead. CVE-2018-1283 modcachesocache: Fix...

HTTP authentication leak in redirects

curl might leak authentication data to third parties. When asked to send custom headers in its HTTP requests, curl sends that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the...

undertow: improper whitespace parsing leading to potential HTTP request smuggling

It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling...