1383 matches found

NVD
added 2017/12/22 2:29 p.m., 18 views

CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVSS 7.5, AI score 7.3, EPSS 0.03636
Exploits: 0, References: 2
NVD
added 2017/12/22 2:29 p.m., 22 views

CVE-2017-10868

H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header...

CVSS 7.5, AI score 7.3, EPSS 0.03467
Exploits: 0, References: 2
OSV
added 2017/12/22 2:29 p.m., 19 views

CVE-2017-10868

H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header...

CVSS 7.5, AI score 7.6
Exploits: 0, References: 2
Debian CVE
added 2017/12/22 2:00 p.m., 19 views

CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVSS 7.5, AI score 7.4, EPSS 0.03636
Exploits: 0
CNVD
added 2017/11/09 12:00 a.m., 2 views

Buffer overflow vulnerability in multiple Huawei products (CNVD-2017-34415)

Huawei DP300, RP200, TE series and TX50 are Huawei's all-in-one desktop and high-definition videoconferencing end products for high-end customers. A buffer overflow vulnerability exists in several Huawei products, which is caused by the device failing to adequately validate parameters in the...

CVSS 5.3, AI score 7.2, EPSS 0.01177
Exploits: 0, References: 1
CNVD
added 2017/10/30 12:00 a.m., 2 views

F5 BIG-IP Denial of Service Vulnerability (CNVD-2017-35572)

F5 BIG-IP is a collection of software and hardware that allows you to control the traffic that passes through your network. A denial of service vulnerability exists in F5 BIG-IP. A remote user can cause the target traffic management microkernel TMM to restart by sending a specially crafted HTTP...

CVSS 5.9, AI score 6.8, EPSS 0.03645
Exploits: 0, References: 1
OSV
added 2017/10/27 2:29 p.m., 5 views

CVE-2017-6160

In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create a maliciously crafted HTTP request to cause Traffic Management Microkernel TMM to restart and temporarily fail to process traffic. This issue is exposed on virtual servers...

CVSS 5.9, AI score 5.8, EPSS 0.03645
Exploits: 0, References: 3
Cvelist
added 2017/10/19 8:00 a.m., 21 views

CVE-2017-12285

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validatio...

AI score 5.3, EPSS 0.37192
Exploits: 0, References: 3
Check Point Advisories
added 2017/10/16 12:00 a.m., 45 views

Schneider Electric U.motion Builder nfcserver.php SQL Injection (CVE-2017-7973)

An SQL injection vulnerability exists in Schneider Electric U.motion Builder. The vulnerability is due to insufficient validation of the sessionid HTTP request parameter in requests made to nfcserver.php. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP reque...

CVSS 7.5, AI score 1.2, EPSS 0.01472
Exploits: 0
Prion
added 2017/08/29 3:29 p.m., 11 views

SQL injection

SQL injection vulnerability in the Operation and Maintenance Unit OMU in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request...

CVSS 6.5, AI score 8.5, EPSS 0.00863
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2017/08/21 7:29 a.m., 20 views

CVE-2017-12784

In Youngzsoft CCFile aka CC File Transfer 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID f...

CVSS 7.5, AI score 8.5, EPSS 0.02268
Exploits: 5, References: 1
Cvelist
added 2017/08/21 7:00 a.m., 21 views

CVE-2017-12784

In Youngzsoft CCFile aka CC File Transfer 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID f...

AI score 8.6, EPSS 0.02268
Exploits: 5, References: 1
Cisco
added 2017/08/16 4:00 p.m., 22 views

Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability

A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of prop...

CVSS 4.3, AI score 4.8, EPSS 0.01581
Exploits: 0, References: 1
NVD
added 2017/07/12 3:29 p.m., 16 views

CVE-2017-4052

Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense ATD 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter...

CVSS 9.8, AI score 9.5, EPSS 0.02077
Exploits: 0, References: 2
Cvelist
added 2017/07/12 3:00 p.m., 19 views

CVE-2017-4052

Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense ATD 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter...

AI score 9.5, EPSS 0.02077
Exploits: 0, References: 2
OpenVAS
added 2017/06/26 12:00 a.m., 170 views

Multiple IP-Cameras Directory Traversal Vulnerability

The IP-Camera is prone to a directory traversal vulnerability.

CVSS 7.8, AI score 7.5, EPSS 0.68464
Exploits: 6, References: 2
OSV
added 2017/06/23 10:29 p.m., 4 views

CVE-2017-9828

'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera...

CVSS 9.8, AI score 5.9, EPSS 0.82455
Exploits: 1, References: 1
Check Point Advisories
added 2017/06/21 12:00 a.m., 3 views

Schneider Electric U.motion Builder loadtemplate.php SQL Injection (CVE-2017-7973)

An SQL injection vulnerability exists in Schneider Electric U.motion Builder. The vulnerability is due to insufficient validation of the tpl HTTP parameter of the loadtemplate.php request. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP request to the...

CVSS 7.5, AI score 1.1, EPSS 0.01472
Exploits: 0
Cisco
added 2017/06/07 4:00 p.m., 27 views

Cisco Unified Communications Domain Manager Open Redirect Vulnerability

A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters by the affected software. An attacker...

CVSS 6.1, AI score 6.3, EPSS 0.01201
Exploits: 0, References: 1
Cisco
added 2017/06/07 4:00 p.m., 28 views

Cisco Unified Communications Domain Manager SQL Injection Vulnerabilities

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager CUCDM could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerabilities are due to insufficient validation of user-supplied input in...

CVSS 4.1, AI score 5.7, EPSS 0.01309
Exploits: 0, References: 1