636 matches found
Design/Logic Flaw
A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi...
CVE-2018-7539
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request such as GET /../../../../../../../../../../../../etc/passwd to the web server fuzzd/0.1.1 running the Maintenance Center on port TCP/8088. This can lead to full...
Cross site request forgery (csrf)
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request...
CVE-2018-8954
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request...
Sql injection
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request...
CVE-2018-8954
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request...
CVE-2016-7472
F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service DoS via a crafted HTTP request...
VulnCheck KEV: CVE-2017-20149
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on...
CVE-2017-1524
IBM Jazz Foundation IBM Rational Collaborative Lifecycle Management 5.0 and 6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970...
Directory traversal
A vulnerability in the credential reset functionality for Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to...
CVE-2017-16922
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request...
CVE-2018-7048
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service memory consumption via a crafted HTTP request...
Cross site request forgery (csrf)
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service memory consumption via a crafted HTTP request...
CVE-2018-7049
The CVE-2018-7049 entry concerns Wowza Streaming Engine prior to 4.7.1, with a cross-site scripting (XSS) vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager). The issue allows script injection or reflection via a cr...
Cross site request forgery (csrf)
RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request...
Default credentials
MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings...
CVE-2018-5726
MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings...
Brother Debut http Denial Of Service
The Debut embedded HTTP server 'Brother Debut http Denial Of Service', 'Description' = %q The Debut embedded HTTP server MSFLICENSE, 'Author' = 'z00n ', vulnerability disclosure 'h00die' metasploit module , 'References' = 'CVE', '2017-16249' , 'URL',...
F5 BIG-IP Denial of Service Vulnerability (CNVD-2017-35572)
F5 BIG-IP is a collection of software and hardware that allows you to control the traffic that passes through your network. A denial of service vulnerability exists in F5 BIG-IP. A remote user can cause the target traffic management microkernel TMM to restart by sending a specially crafted HTTP...
CVE-2017-12285
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validatio...