1380 matches found
CVE-2020-26566
A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request...
CVE-2020-26566
A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request...
Design/Logic Flaw
A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request...
CVE-2020-26566
A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request...
CVE-2020-26566
A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request...
CVE-2020-4493
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995...
motion -- Denial of Service
cxsecurity.com reports: A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request...
httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache. The vulnerability is considere...
CVE-2020-3130
A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...
CVE-2020-3117
A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance WSA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient...
Input validation
A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance WSA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient...
CVE-2020-3117 Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability
A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance WSA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient...
CVE-2020-4616
IBM Data Risk Manager iDNA 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929...
Cisco Data Center Network Manager Privilege Escalation (cisco-sa-20180905-cdcnm-escalation)
According to its self-reported version, Cisco Data Center Network Manager is prior to version 11.01 and is, therefore, affected by a privilege escalation vulnerability in the web-based management interface due to incomplete validation of user input. An authenticated attacker could exploit this...
Important: Red Hat Security Advisory: httpd24-httpd security update
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass (cisco-sa-snort_filepolbypass-m4X5DgOP)
According to its self-reported version, Cisco Firepower Threat Defense Software is affected by vulnerability in the Snort detection engine. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An unauthenticated, remote attacker can exploit this...
Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass (cisco-sa-snort_filepolbypass-m4X5DgOP)
According to its self-reported version, Cisco IOS XE SD-WAN Software is affected by vulnerability in the Snort detection engine. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An unauthenticated, remote attacker can exploit this vulnerability...
Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass (cisco-sa-snort_filepolbypass-m4X5DgOP)
According to its self-reported version, Cisco IOS XE SD-WAN Software is affected by vulnerability in the Snort detection engine. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An unauthenticated, remote attacker can exploit this vulnerability...
Design/Logic Flaw
Cloud Foundry Routing Gorouter versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters...
Sql injection
An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...