CVE-2025-62524

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...

EUVD-2025-20826

Malicious code in bioql PyPI...

CVE-2025-7381

ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses. WorkaroundsThe mitigation requires changin...

CVE-2025-7381

ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses. WorkaroundsThe mitigation requires changin...

CVE-2025-7381

ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses. WorkaroundsThe mitigation requires changin...

CVE-2025-7381

CVE-2025-7381 affects Mautic-related Docker images and the PHP base image: an information-disclosure flaw where the X-Powered-By header reveals the PHP version, enabling server fingerprinting. Root cause is PHP’s expose_php behavior; attack surface is the header exposure rather than code executio...

Mautic Docker Image 安全漏洞

Mautic Docker Image is a Mautic open source Docker image for Mautic. A security vulnerability exists in Mautic Docker Image that stems from exposing the PHP version via the X-Powered-By header, which could lead to server fingerprinting...

PT-2025-28900 · Php · Php

Name of the Vulnerable Software and Affected Versions: PHP affected versions not specified Description: This is an information disclosure issue originating from PHP’s base image. The vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint...

Boerse.de Cross SIte Scripting

Exploit Title: Reflected XSS at Boerse DE Date: 22.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.boerse.de Software Link: Website Version: 1.0.0 Tested on: Google Chrome / Mozilla FireFox Reflected XSS Payload : " " " PoC : General : Request URL:...

To delete two headers in HTTP Response

In certain cases, we do not want to parse the HTTP headers to the end Client. NetScaler can do this job by deleting the HTTP header received from the Server. We can use Rewrite feature of NetScaler to achieve this. Configuration AppExperts Rewrite. Step 1 : To remove HTTP header named "Server" CL...

JBoss AS 2.0 - Remote Exploit

No description provided by source. THE FULL DAYTONA PACKAGE -- BY KINGCOPE, YEAR 2011 THREE JBOSS APPLICATION SERVER REMOTE EXPLOITS WITH AUTHEN BYPASS PORTED FROM METASPLOIT AND BEEFED UP WITH TWO SCANNERS: PNSCAN W/ SSL SUPPORT SYNSCAN MODDED FILES: daytonabsh.pl, daytonadeployfile.pl,...

Localize: Server header - information disclosure

X-Powered-By: PleskLin HTTP/1.1 200 OK Date: Thu, 17 Apr 2014 19:52:33 GMT Server: Apache Pragma: no-cache Expires: Mon, 24 Mar 2008 00:00:00 GMT Cache-Control: no-cache X-Powered-By: PleskLin Vary: Accept-Encoding Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html;...

JBoss AS 2.0 - Remote Command Execution

THE FULL DAYTONA PACKAGE -- BY KINGCOPE, YEAR 2011 THREE JBOSS APPLICATION SERVER REMOTE EXPLOITS WITH AUTHEN BYPASS PORTED FROM METASPLOIT AND BEEFED UP WITH TWO SCANNERS: PNSCAN W/ SSL SUPPORT SYNSCAN MODDED FILES: daytonabsh.pl, daytonadeployfile.pl, daytonamaindeploy.pl THE REMOTE EXPLOITS,...