1380 matches found
CVE-2017-2878
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an...
CVE-2018-1149
cgisystem in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests...
Authentication flaw
An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmwar...
Design/Logic Flaw
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...
Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)
Exploit Title: Kirby CMS 2.5.12 - Cross-Site Request Forgery Delete Page
Date: 2018-07-22
Exploit Author: Zaran Shaikh
Version: 2.5.12
CVE: NA
Category: Web Application
1. Description
The application allows malicious HTTP requests to be sent in order to trick a user into adding/deleting web...
CVE-2018-13864
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests...
Western Digital WD TV Live Hub RCE Vulnerability
The web server on Western Digital TV Live Hub 3.12.13 allows unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced...
CVE-2018-0371
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...
CVE-2017-3960
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter...
HTTP.sys Denial of Service Vulnerability
A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become...
CVE-2018-6670
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter...
Xxe
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter...
Null pointer dereference
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\CFG2.ini" without a cookie head...
CVE-2017-12124
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability...
PT-2018-5367 · Moxa · Moxa Edr-810
Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317 Description: A cross-site request forgery issue exists in the web server functionality, allowing an attacker to create malicious HTML that can trigger this issue when a specially crafted HTTP packet is...
Design/Logic Flaw
A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi...
CVE-2018-7539
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request such as GET /../../../../../../../../../../../../etc/passwd to the web server fuzzd/0.1.1 running the Maintenance Center on port TCP/8088. This can lead to full...
PHPUnit 'CVE-2017-9841' RCE Vulnerability (HTTP) - Active Check
PHPUnit is prone to a remote code execution (RCE) vulnerability.
CVE-2018-8954
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request...
Cross site request forgery (csrf)
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request...