GHSA-C8M8-J448-XJX7 twisted.web has disordered HTTP pipeline response

Summary The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. PoC 0. Start a fresh Debian container: sh docker run --workdir /repro --rm -it debian:bookworm-slim 1. Install twisted and its dependencies...

twisted.web has disordered HTTP pipeline response

Summary The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. PoC 0. Start a fresh Debian container: sh docker run --workdir /repro --rm -it debian:bookworm-slim 1. Install twisted and its dependencies...

CVE-2024-41689 Hard-coded Credentials Vulnerability

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WP...

Medium: golang

Issue Overview: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the...

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

CVE-2023-50564 PoC This repository contains a Proof of Con...

SUSE CVE-2024-40975

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Unregister devices in reverse order Not all subsystems support a device getting removed while there are still consumers of the device with a reference to the device. One example of this is the...

PT-2024-37857 · Undefined · Undefined

"Source": "CVE FEED", "Title": "CVE-2024-6765 - CVE-2021-34567: Oracle WebLogic Server Reverse HTTPProxy Denial of Service", "Content": "CVE ID : CVE-2024-6765 Published : July 17, 2024, 2:15 p.m. | 16 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CV...

CVE-2024-40975

A vulnerability was found in platform/x86 in the Linux kernel. This issue was resolved by changing the device removal order to unregister devices in reverse order of their registration. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the...

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

Collateral Damage Collateral Damage is a kernel exploit for Xb...

DEBIAN-CVE-2024-40975

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Unregister devices in reverse order Not all subsystems support a device getting removed while there are still consumers of the device with a reference to the device. One example of this is the...

CVE-2024-40975

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Unregister devices in reverse order Not all subsystems support a device getting removed while there are still consumers of the device with a reference to the device. One example of this is the...

CVE-2024-40975

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Unregister devices in reverse order Not all subsystems support a device getting removed while there are still consumers of the device with a reference to the device. One example of this is the...

CVE-2024-40975 platform/x86: x86-android-tablets: Unregister devices in reverse order

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Unregister devices in reverse order Not all subsystems support a device getting removed while there are still consumers of the device with a reference to the device. One example of this is the...

CVE-2024-40975 platform/x86: x86-android-tablets: Unregister devices in reverse order

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Unregister devices in reverse order Not all subsystems support a device getting removed while there are still consumers of the device with a reference to the device. One example of this is the...

The vulnerability of Huawei TC7001-10, WS7200-10, and WS7206-10 Wi-Fi routers lies in the lack of a mechanism to lock sessions. This allows attackers to gain unauthorized access to protected information or cause service failures.

The vulnerability of Huawei TC7001-10, WS7200-10, and WS7206-10 Wi-Fi routers’ microprogramming software is related to the lack of a session fixation mechanism, due to the absence of reverse address checking and TCP connection tracing. Exploiting this vulnerability can allow an unauthorized actor...

Reverse-Engineering Ticketmaster’s Barcode System

Interesting: By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removin...

Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms

CVE-2023-4220 Chamilio exploit PoC Shamelessly Copied from...

Exploit for Protection Mechanism Failure in Artifex Ghostscript

PoC exploit for CVE-2024-29510, a Ghostscript format string vuln...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Tomcat vulnerability (USN-6880-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6880-1 advisory. Sam Shahsavar discovered that Apache Tomcat did not properly reject HTTP requests with an invalid Content-Length header. A remote attacker...

CVE-2024-39321

An authorization bypass vulnerability was found in Traefik. This flaw allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Mitigation Mitigation for this issue is either not available or the currently available options do not meet...