127 matches found

CVE · added 2023/07/18 12:00 a.m. · 45 views

CVE-2023-38434

The CVE-2023-38434 issue affects the xHTTP server library (xhttp.c) where a double-free occurs in close_connection when handling a malformed HTTP request method. Root cause: freeing conn->request.public.headers.list twice. Impact: potential crash/denial of service (availability). A publicly do...

CVSS 7.5 · AI score 7.6 · EPSS 0.01847
Exploits 2 · References 1 · Affected Software 1
Vulnrichment · added 2023/07/18 12:00 a.m. · 11 views

CVE-2023-38434

xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method...

AI score 7 · EPSS 0.01847
Exploits 2 · References 1
Cvelist · added 2023/07/18 12:00 a.m. · 11 views

CVE-2023-38434

xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method...

AI score 7.8 · EPSS 0.01847
Exploits 2 · References 1
SUSE CVE · added 2023/02/15 6:15 a.m. · 4 views

SUSE CVE-2006-1728

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method...

CVSS 9.3 · AI score 9 · EPSS 0.29804
Exploits 0 · References 5
SUSE CVE · added 2023/02/15 6:05 a.m. · 2 views

SUSE CVE-2008-7249

Buffer overflow in Squid Analysis Report Generator Sarg 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167...

CVSS 9.3 · AI score 8.3 · EPSS 0.03527
Exploits 0 · References 3
Tenable Nessus · added 2023/01/23 12:00 a.m. · 46 views

RHEL 7 : python27 (RHSA-2020:4273)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4273 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 7.5 · AI score 7.5 · EPSS 0.02672
Exploits 2 · References 12
Tenable Nessus · added 2023/01/23 12:00 a.m. · 30 views

RHEL 7 : rh-python38 (RHSA-2020:4299)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4299 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 7.5 · AI score 7.5 · EPSS 0.00903
Exploits 1 · References 14
Positive Technologies · added 2022/10/25 12:00 a.m. · 3 views

PT-2022-23622 · Algosec · Algosec Fireflow

Name of the Vulnerable Software and Affected Versions: AlgoSec FireFlow, affected versions not specified. Description: The issue involves a Reflected Cross-Site Scripting (RXSS) attack. A malicious user can inject JavaScript code into the IntersectudRule parameter on the "search/result.html" page. By...

CVSS 6.5 · AI score 5.4 · EPSS 0.00177
Exploits 0 · References 3
OSV · added 2022/09/29 3:15 a.m. · 1 view

CVE-2020-15338

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests...

CVSS 5.3 · AI score 5.8 · EPSS 0.00209
Exploits 1 · References 2
OSV · added 2022/05/13 1:31 a.m. · 18 views

GHSA-WHF8-3H58-2W9F Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability

Jenkins Warnings Next Generation Plugin has a form validation HTTP endpoint used to validate a Groovy script through compilation, which was not subject to sandbox protection. The endpoint checked for the Overall/RunScripts permission, but did not require POST requests, so it was vulnerable to...

CVSS 8.8 · AI score 9 · EPSS 0.00067
Exploits 0 · References 2
Prion · added 2022/02/28 4:15 p.m. · 14 views

Cross-site request forgery (CSRF)

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for...

CVSS 6.8 · AI score 9 · EPSS 0.00076
Exploits 0 · References 2 · Affected Software 1
Positive Technologies · added 2022/02/28 12:00 a.m. · 3 views

PT-2022-16822 · Unknown · Codeigniter4

Name of the Vulnerable Software and Affected Versions: CodeIgniter4 versions prior to 4.1.9. Description: A vulnerability in CodeIgniter4 might allow remote attackers to bypass the Cross-Site Request Forgery (CSRF) protection mechanism. This issue can be exploited when auto-routing is enabled or...

CVSS 8.8 · AI score 8.7 · EPSS 0.00076
Exploits 0 · References 9
Tenable Nessus · added 2022/02/09 12:00 a.m. · 31 views

AlmaLinux 8 : python-urllib3 (ALSA-2021:1631)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:1631 advisory. - urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the...

CVSS 6.5 · AI score 7.3 · EPSS 0.00279
Exploits 0 · References 2
Cvelist · added 2022/01/21 8:15 p.m. · 14 views

CVE-2022-22551

DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session...

CVSS 8.3 · AI score 8.8 · EPSS 0.00139
Exploits 0 · References 1
Vulnerability Lab · added 2022/01/21 12:00 a.m. · 323 views

Banco Guayaquil v8.0.0 iOS - Cross Site Web Vulnerability

Document Title: Banco Guayaquil v8.0.0 iOS - Cross Site Web Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2315. Release Date: 2022-01-21. Vulnerability Laboratory ID (VL-ID): ...

AI score 0.2
Exploits 0
Hacker One · added 2021/11/29 12:44 p.m. · 27 views

Ruby on Rails: Escape Sequence Injection vulnerability in Rack

An escape sequence injection vulnerability was discovered in the Rack framework's commonlogger. This vulnerability allowed an attacker to inject escape sequences into logs, potentially leading to the execution of dangerous control characters on a victim's terminal emulator...

CVSS 10 · AI score 9.3 · EPSS 0.02323
Exploits 0
0day.today · added 2021/11/03 12:00 a.m. · 353 views

Mult-e-Cart Ultimate 2.4 - (id) SQL Injection Vulnerability

Exploit Title: Mult-e-Cart Ultimate 2.4 - 'id' SQL Injection. Vendor Homepage: https://multecart.com/. Version: 2.4. Product & Service Introduction: Digital Multivendor Marketplace Online Store - eShop CMS. Source: https://ultimate.multecart.com/ &...

AI score 7.1
Exploits 0
Huntr · added 2021/09/28 9:03 p.m. · 7 views

Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Description: in some delete actions I change the HTTP request method to GET and also remove the CSRF token from the request, and then I am able to bypass your CSRF protection...

AI score 1.3
Exploits 0
OSV · added 2021/06/18 6:46 p.m. · 0 views

GHSA-WQVQ-5M8C-6G24 CRLF injection in urllib3

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...

CVSS 6.9 · AI score 6.8 · EPSS 0.00279
Exploits 0 · References 11
Kitploit · added 2021/06/03 12:30 p.m. · 68 views

403Fuzzer - Fuzz 403/401ing Endpoints For Bypasses

Fuzz 403ing endpoints for bypasses. Follow on twitter! @intrudir. This tool will check the endpoint with a couple of headers such as X-Forwarded-For. It will also apply different payloads typically used in dir traversals, path normalization etc. to each endpoint on the path, e.g. /%2e/test/test2...

AI score 7.4
Exploits 0 · References 2