Latest Security News about http request

Apache HTTP Server 2.4 vulnerabilities

  Overview : In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. CVE-2020-1927   Apache HTTP Server 2.4 vulnerabilities This page lists all security vulnerabilities fixed in released versions [...]

Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.

Overview : Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function. CVE-2020-9467 stored XSS with pwg.images.setInfo #1168 n file param. No worry with an admin, but this method can be used by a community user as well. Originally reported by Zak S. see CVE-2020-9467 References Note: References are provided for the [...]

Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0

Overview : Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request. Affected Product(s) : KonaKart Storefront Application prior to 7.3.0.0 Vulnerability Details : CVE ID : […]