3939 matches found
Design/Logic Flaw
The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...
CVE-2010-0408
The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...
CVE-2010-0408
The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...
Cross site scripting
Cross-site scripting XSS vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request...
HP OpenView Data Protector Application Recovery Manager Buffer Overflow (CVE-2009-3844)
HP OpenView Storage Data Protector is a backup solution tailored for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The Cell Manager is the central point from which backup agents and device servers are...
CVE-2010-0312
The doextendedOp function in ibmslapd in IBM Tivoli Directory Server TDS 6.2 on Linux allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted SecureWay 3.2 Event Registration Request aka a 1.3.18.0.2.12.1 request...
Design/Logic Flaw
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service Management Console shutdown via a crafted request. NOTE: some of the...
DEBIAN-CVE-2009-4498
The nodeprocesscommand function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request...
CVE-2009-4498
The nodeprocesscommand function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request...
CVE-2009-4500
The processtrap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service crash via a crafted request with data that lacks an expected : colon separator, which triggers a NULL pointer dereference...
CVE-2009-4498
The nodeprocesscommand function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request...
CVE-2009-4498
The nodeprocesscommand function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request...
CVE-2009-4499
SQL injection vulnerability in the gethistorylastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the sendhistorylastid function in zabbixserver/trapper/nodehistory.c...
CVE-2009-4500
The processtrap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service crash via a crafted request with data that lacks an expected : colon separator, which triggers a NULL pointer dereference...
CVE-2009-4448
inc/functionstime.php in MyBB aka MyBulletinBoard 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service CPU consumption via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors...
Design/Logic Flaw
inc/functionstime.php in MyBB aka MyBulletinBoard 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service CPU consumption via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors...
CVE-2009-4448
inc/functionstime.php in MyBB aka MyBulletinBoard 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service CPU consumption via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors...
CVE-2009-4170
WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message...
SAP MaxDB Remote Arbitrary Commands Execution (CVE-2008-0244)
SAP MaxDB is an open source relational database management system RDBMS developed and supported by SAP AG. MaxDB is targeted for large SAP environments such as mySAP Business Suite and other applications that require enterprise level database functionality. MaxDB is available for the most promine...
WordPress Trackback脚本拒绝服务漏洞
CVE ID: CVE-2009-3622 WordPress是一款免费的论坛Blog系统。 WordPress的wp-trackback.php脚本允许用户向mbconvertencoding函数提交多个源字符编码。如果远程攻击者在提交的HTTP请求中包含有超长的标题参数和由多个逗号分隔的UTF-8子字符串所组成的字符集参数,就可以占用大量CPU资源。 WordPress 2.8.5 厂商补丁: WordPress --------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...