76 matches found
Amazon Linux 2 : curl (ALAS-2018-951)
HTTP authentication leak in redirects libcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...
heavyhaulertrailers.com XSS vulnerability
Open Bug Bounty ID: OBB-562841 Description| Value ---|--- Affected Website:| heavyhaulertrailers.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
MGASA-2018-0110 Updated curl packages fix security vulnerability
It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. When accessed, the data is read out of bounds and causes either a crash or that the too large data gets passed to the libcurl callback. This might lead to a...
Haxx libcurl out-of-bounds read vulnerability
Haxx libcurl is a free , open source client-side URL transport library from the Swedish company Haxx. The library supports FTP, FTPS, TFTP, HTTP and so on. A security vulnerability exists in code handling HTTP/2 trailers in Haxx libcurl versions 7.49.0 through 7.57.0. An attacker can exploit this...
DEBIAN-CVE-2018-1000005
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported https://github.com/curl/curl/pull/2231 that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the...
ALPINE-CVE-2018-1000005
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported https://github.com/curl/curl/pull/2231 that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the...
HTTP/2 trailer out-of-bounds read
libcurl contains an out bounds read in code handling HTTP/2 trailers. It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once...
UBUNTU-CVE-2018-1000005
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported https://github.com/curl/curl/pull/2231 that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the...
USN-2523-1: Apache HTTP Server vulnerabilities
Martin Holst Swende discovered that the modheaders module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. CVE-2013-5704 Mark Montague discovered that the modcache module incorrectly handl...
FreeBSD : apache24 -- several vulnerabilities (5804b9d4-a959-11e4-9363-20cf30e32f6d)
Apache HTTP SERVER PROJECT reports : modproxyfcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. modcache: Avoid a crash when Content-Type has an empty value. PR 56924. modlua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple...
apache24 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: modproxyfcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. modcache: Avoid a crash when Content-Type has an empty value. PR 56924. modlua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Requi...
Apache Httpd < 2.4.12 : HTTP Trailers processing bypass
HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. This fix adds the "MergeTrailers" directive to restore legacy behavior...
Apache Httpd < 2.2.29 : HTTP Trailers processing bypass
HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. This fix adds the "MergeTrailers" directive to restore legacy behavior...
Andy Cameron WebSystems SQL Injection Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
Joomla JC - Top 25 Movie Trailers Cross Site Scripting
=========================================================== JC - Top 25 Movie Trailers module XSS Vulnerability =========================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/...
JC - Top 25 Movie Trailers module XSS Vulnerability
Exploit for php platform in category web applications =================================================== JC - Top 25 Movie Trailers module XSS Vulnerability =================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'...