1380 matches found
Design/Logic Flaw
The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted HTTP request...
CVE-2019-11217
The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted HTTP request...
Apache Axis Remote Code Execution (CVE-2019-0227)
A remote code execution vulnerability exists in Apache Axis server. A remote attacker can exploit this vulnerability to execute arbitrary code on the affected system via a crafted HTTP response...
openwsman: Disclosure of arbitrary files outside of the registered URIs
Openwsman versions up to and including 2.6.9 are vulnerable to arbitrary file disclosure because the working directory of the openwsmand daemon was set to the root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman serve...
Stack overflow
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usbForm?script/. An attacker can leverage this vulnerability to potentially execute arbitrary cod...
CVE-2019-3917
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request...
Junos OS: Crafted HTTP traffic may cause UTM to consume all mbufs, leading to Denial of Service (JSA10910)
According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability. An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a denial of service due to the receipt of crafted HTTP traffic. TRUSTED...
Cisco Identity Services Engine Access Control Error Vulnerability
Cisco Identity Services Engine (ISE) is an identity-based environment awareness platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. An access control error...
CVE-2018-15459
A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could explo...
CVE-2018-15459 Cisco Identity Services Engine Privilege Escalation Vulnerability
A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could explo...
CVE-2019-0006
A certain crafted HTTP packet can trigger an uninitialized function pointer dereference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to...
Design/Logic Flaw
An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" (an indication of memory buffer exhaustion) due to the receipt of crafted HTTP traffic. Each crafted HTTP packet inspected by UTM consumes mbufs which...
CVE-2019-0010 Junos OS: SRX Series: Crafted HTTP traffic may cause UTM to consume all mbufs, leading to Denial of Service
An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" (an indication of memory buffer exhaustion) due to the receipt of crafted HTTP traffic. Each crafted HTTP packet inspected by UTM consumes mbufs which...
A vulnerability in the Cisco Adaptive Security Appliance firmware, related to errors in the authentication process, allows attackers to escalate their privileges.
A vulnerability in the Cisco Adaptive Security Appliance firmware is related to errors in the authentication process. Exploiting this vulnerability can allow a malicious actor to escalate their privileges by using specially crafted HTTP requests...
Input validation
Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter...
CVE-2019-3581 McAfee Web Gateway denial of service attack due to Improper Input Validation
Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter...
Cross site scripting
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS...
CVE-2018-8827
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS...
A vulnerability in the Microsoft Dynamics 365 resource planning software stems from insufficient protection of the web page structure, which allows an attacker to inject arbitrary code into the web pages served to users.
A vulnerability in the Microsoft Dynamics 365 resource planning software application is related to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the web pages served to users, thereby gaining access to...