62 matches found
TencentOS Server 4: libsoup3 (TSSA-2026:0274)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0274 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-14523
A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...
PT-2025-50606
Name of the Vulnerable Software and Affected Versions: libsoup versions 2.4 and 3.x. Description: A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request, with the server processing the last occurrence. This discrepancy between how front proxies and the backend server...
EUVD-2006-0690
Malware in sbrugna...
EUVD-2007-3972
Malware in sbrugna...
EUVD-2005-3897
Malware in sbrugna...
EUVD-2006-0692
Malware in sbrugna...
EUVD-2002-1544
Malware in sbrugna...
Requirement to update Virtual Hosting Pool ID after moving machines to new host connection
After moving virtual machines from an old host connection to a new host connection, you may experience issues with power managing machines from the PVS console or if VMs have been created with BDM Boot Partition, you may not be able to update the BDM Boot partition when you add an additional PVS...
SUSE CVE-2002-1562
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header...
CVE-2020-0543 CROSSTALK
Incomplete cleanup from specific special register read operations in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. Recent assessments: busterb at June 15, 2020 8:18pm UTC reported: This continues to bury SGX as an actual...
WhatTheHack - A Collection Of Challenge Based Hack-A-Thons Including Student Guide, Proctor Guide, Lecture Presentations, Sample/Instructional Code And Templates
WhatTheHack is a collection of challenge based hack-a-thons including student guide, proctor guide, lecture presentations, sample/instructional code and templates. What, Why and How "What the Hack" is a challenge based hackathon format Challenges describe high-level tasks and goals to be...
[SECURITY] Fedora 30 Update: yaws-2.0.6-1.fc30
HTTP 1.0 and HTTP 1.1 web server capable of both static content page delivery and dynamic content generation using embedded Erlang code in the HTML pages. It provides virtual hosting capabilities and implements HTTP tracing and other debugging functionality such as interactive interpreter...
Reaching toward universal TLS SNI
The past few years have seen a dramatic increase in client support for TLS SNI, a technology standard that makes HTTPS much more scalable. While early 2014 saw fewer than 85% of HTTPS requests being sent by clients supporting TLS SNI, many Akamai customers today now see client TLS SNI usage...
Concrete CMS: Full Page Caching Stored XSS Vulnerability
Configuration A concrete5 site running over https on a dedicated IP address. Or any situation where you're not doing name-based virtual hosting and the web server will answer to any hostname. - You have full page caching enabled likely just block output caching too. - Doesn't matter if you have...
Open-Xchange: nginx server vulnerable
1 Vulnerability: Clickjacking Vulnerable Domain: lists.dovecot.fi Vulnerable URL: http://lists.dovecot.fi/?C=N;O=D%3Cscript%3Ealert%22Thalaivarsubu%22%3C/script%3E Browser version: Google Chrome 50.0.2661.94 Operating system: Windows 7 Steps to Reproduce: iframe width: 800px; height: 500px;...
Virtual Hosting Control System 2.4.7 .1 Server_day_stats.PHP Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/17790/info Virtual Hosting Control System is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...
Virtual Hosting Control System 2.2/2.4 Error Message Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15538/info Virtual Hosting Control System is prone to cross-site scripting attacks. The vulnerability arises when error messages are rendered and could let an attacker inject hostile HTML and script code into the browser...
[SECURITY] [DSA 2877-1] lighttpd security update
Debian Security Advisory DSA-2877-1 http://www.debian.org/security/ Michael Gilbert March 12, 2014 http://www.debian.org/security/faq -...
Debian DSA-2877-1 : lighttpd - security update
Several vulnerabilities were discovered in the lighttpd web server. - CVE-2014-2323 Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module (mod_mysql_vhost). This only affects installations with t...