
127 matches found

OSV
added 2020/09/30 6:15 p.m. · 0 views

ALPINE-CVE-2020-26137

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...

CVSS 6.5 · AI score 7.3 · EPSS 0.00279
Exploits: 0 · References: 1
OSV
added 2020/09/30 6:15 p.m. · 1 view

DEBIAN-CVE-2020-26137

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...

CVSS 6.5 · AI score 7.5 · EPSS 0.00279
Exploits: 0 · References: 1
OSV
added 2020/09/30 6:15 p.m. · 1 view

PYSEC-2020-148

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...

CVSS 6.5 · AI score 6.8 · EPSS 0.00279
Exploits: 0 · References: 5
OSV
added 2020/09/30 12:0 a.m. · 1 view

UBUNTU-CVE-2020-26137

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...

CVSS 6.5 · AI score 6.8 · EPSS 0.00279
Exploits: 0 · References: 4
Cvelist
added 2020/09/29 12:0 a.m. · 26 views

CVE-2020-26137

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...

AI score 7.5 · EPSS 0.00279
Exploits: 0 · References: 8
0day.today
added 2020/04/16 12:0 a.m. · 49 views

DedeCMS 7.5 SP2 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Title: DedeCMS 7.5 SP2 - Persistent Cross-Site Scripting Vendor Link: http://www.dedecms.com Software Link: http://www.dedecms.com/products/dedecms/downloads/ CVE: N/A Document Title: =============== DedeCMS v7.5 SP2 - Multiple Persistent Web...

AI score 7.1
Exploits: 0
CNVD
added 2020/03/24 12:0 a.m. · 1 view

NETGEAR Prosafe WC9500, WC7600 and WC7520 Operating System Command Injection Vulnerability

NETGEAR Prosafe WC9500 and related models are wireless controllers from NETGEAR for managing access points. A security vulnerability exists in the NETGEAR Prosafe WC9500 version 5.1.0.17, WC7600 version 5.1.0.17, and WC7520 version 2.5.0.35. A remote attacker can exploit the vulnerability to execute...

CVSS 7.2 · AI score 7.5 · EPSS 0.03729
Exploits: 1 · References: 1
RedHat Linux
added 2020/03/16 10:0 a.m. · 1 view

Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection

The Mozilla Foundation Security Advisory describes this flaw as: The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it...

CVSS 8.8 · AI score 7.4 · EPSS 0.01123
Exploits: 1 · References: 5
RedHat Linux
added 2020/03/16 9:38 a.m. · 2 views

Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection

The Mozilla Foundation Security Advisory describes this flaw as: The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it...

CVSS 8.8 · AI score 7.4 · EPSS 0.01123
Exploits: 1 · References: 5
Positive Technologies
added 2020/02/10 12:0 a.m. · 3 views

PT-2020-6266 · Python +10

Name of the Vulnerable Software and Affected Versions: Python versions 3.x before 3.5.10 Python versions 3.6.x before 3.6.12 Python versions 3.7.x before 3.7.9 Python versions 3.8.x before 3.8.5 Description: The issue is related to a lack of output encoding or escaping mechanism in Python's HTTP...

CVSS 10 · AI score 6.7 · EPSS 0.45123
Exploits: 59 · References: 430
RedHat Linux
added 2019/11/20 4:14 p.m. · 0 views

httpd: mod_http2: read-after-free on a string compare

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

CVSS 5.3 · AI score 7 · EPSS 0.08584
Exploits: 0 · References: 6
RedHat Linux
added 2019/11/20 4:8 p.m. · 0 views

httpd: mod_http2: read-after-free on a string compare

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

CVSS 5.3 · AI score 7 · EPSS 0.08584
Exploits: 0 · References: 6
exploitpack
added 2019/06/19 12:0 a.m. · 39 views

BlogEngine.NET 3.3.63.3.7 - dirPath Directory Traversal Remote Code Execution

BlogEngine.NET 3.3.63.3.7 - dirPath Directory Traversal Remote Code Execution Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10719 1. Description...

CVSS 6.5 · AI score 0.4 · EPSS 0.07093
Exploits: 10
OSV
added 2019/06/10 12:29 p.m. · 0 views

PYSEC-2019-58

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

AI score 5.9
Exploits: 0 · References: 9
OSV
added 2019/04/02 12:0 a.m. · 1 view

UBUNTU-CVE-2019-0196

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

CVSS 5.3 · AI score 6.7 · EPSS 0.08584
Exploits: 0 · References: 4
Tenable Nessus
added 2018/11/05 12:0 a.m. · 38 views

Apache Tomcat 7.0.x < 7.0.78 Remote Error Page Manipulation

According to its self-reported version number, the Apache Tomcat service running on the remote host is 7.0.x prior to 7.0.78 or 8.5.x prior to 8.5.15. It is, therefore, affected by an implementation flaw in the error page reporting mechanism in which it does not conform to the Java Servlet...

CVSS 7.5 · AI score 7.4 · EPSS 0.10802
Exploits: 1 · References: 2
RedHat Linux
added 2018/10/17 7:28 p.m. · 4 views

tomcat: Remote Code Execution bypass for CVE-2017-12615

A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...

CVSS 8.1 · AI score 7.5 · EPSS 0.9438
Exploits: 35 · References: 7
Packet Storm
added 2018/07/11 12:0 a.m. · 43 views

Secutech DSL WR RIS 330 Cross Site Scripting

Document Title: =============== Secutech DSL WR RIS 330 - Filter Bypass Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1988 Release Date: ============= 2018-07-09 Vulnerability Laboratory ID VL-ID: ==================================== 198...

AI score 7.4
Exploits: 0
Prion
added 2018/06/29 2:29 p.m. · 16 views

Design/Logic Flaw

An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php and index.php files of the /grid5/scripts/ modules. The injection point is located in the Project Title and the execution point occurs in the Inhaltsprojekt...

CVSS 3.5 · AI score 5.2 · EPSS 0.00332
Exploits: 3 · References: 1 · Affected Software: 1
CNVD
added 2018/06/27 12:0 a.m. · 2 views

Spring Framework Cross-Site Tracking Vulnerability

Pivotal Spring Framework is an open source Java and Java EE application framework from the US company Pivotal Software. The framework helps developers build high-quality applications. A security vulnerability exists in Pivotal Spring Framework versions 5.0.x prior to 5.0.7, 4.3.x prior to 4.3.1...

CVSS 5.9 · AI score 6 · EPSS 0.02602
Exploits: 0 · References: 1