1383 matches found
CVE-2017-10908
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...
CVE-2017-10868
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header...
CVE-2017-10868
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header...
CVE-2017-10908
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...
Buffer overflow vulnerability in multiple Huawei products (CNVD-2017-34415)
Huawei DP300, RP200, TE series and TX50 are Huawei's all-in-one desktop and high-definition videoconferencing end products for high-end customers. A buffer overflow vulnerability exists in several Huawei products, which is caused by the device failing to adequately validate parameters in the...
F5 BIG-IP Denial of Service Vulnerability (CNVD-2017-35572)
F5 BIG-IP is a collection of software and hardware that allows you to control the traffic that passes through your network. A denial of service vulnerability exists in F5 BIG-IP. A remote user can cause the target traffic management microkernel TMM to restart by sending a specially crafted HTTP...
CVE-2017-6160
In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel TMM to restart and temporarily fail to process traffic. This issue is exposed on virtual servers...
CVE-2017-12285
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validatio...
Schneider Electric U.motion Builder nfcserver.php SQL Injection (CVE-2017-7973)
An SQL injection vulnerability exists in Schneider Electric U.motion Builder. The vulnerability is due to insufficient validation of the sessionid HTTP request parameter in requests made to nfcserver.php.A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP reque...
Sql injection
SQL injection vulnerability in the Operation and Maintenance Unit OMU in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request...
CVE-2017-12784
In Youngzsoft CCFile aka CC File Transfer 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID f...
CVE-2017-12784
In Youngzsoft CCFile aka CC File Transfer 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID f...
Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability
A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of prop...
CVE-2017-4052
Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense ATD 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter...
CVE-2017-4052
Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense ATD 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter...
Multiple IP-Cameras Directory Traversal Vulnerability
The IP-Camera is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-9828
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera...
Schneider Electric U.motion Builder loadtemplate.php SQL Injection (CVE-2017-7973)
An SQL injection vulnerability exists in Schneider Electric U.motion Builder. The vulnerability is due to insufficient validation of the tpl HTTP parameter of the loadtemplate.php request. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP request to the...
Cisco Unified Communications Domain Manager Open Redirect Vulnerability
A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters by the affected software. An attacker...
Cisco Unified Communications Domain Manager SQL Injection Vulnerabilities
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager CUCDM could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerabilities are due to insufficient validation of user-supplied input in...