Lucene search
K

80 matches found

Schneier on Security
Schneier on Security
added 2021/06/15 3:45 p.m.27 views

Andrew Appel on New Hampshire’s Election Audit

Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire. Based on preliminary reports published by the team of experts that New Hampshire engaged to examine an election discrepancy, it appears that a buildup of dust in the read heads of...

0.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/07/29 6:6 a.m.6 views

netty: HTTP request smuggling

A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...

9.1CVSS7.1AI score0.08914EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/05/28 3:58 p.m.3 views

netty: HTTP request smuggling

A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...

9.1CVSS7.1AI score0.08914EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/03/12 5:2 p.m.3 views

netty: HTTP request smuggling

A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...

9.1CVSS7.1AI score0.08914EPSS
Exploits1References5
Veracode
Veracode
added 2020/01/31 6:26 a.m.33 views

HTTP Request Smuggling

netty-codec-http is vulnerable to HTTP request smuggling. The library does not detect if a colon is missing when parsing HTTP headers. This allows an attacker to smuggle HTTP requests via an invalid line fold...

9.1CVSS3.6AI score0.08914EPSS
Exploits1References117Affected Software3
OSV
OSV
added 2020/01/29 9:15 p.m.2 views

DEBIAN-CVE-2019-20444

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...

9.1CVSS6.9AI score0.08914EPSS
Exploits1References1
Prion
Prion
added 2020/01/29 9:15 p.m.35 views

Design/Logic Flaw

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...

6.4CVSS8.9AI score0.08914EPSS
Exploits1References66Affected Software6
Debian CVE
Debian CVE
added 2020/01/29 8:33 p.m.31 views

CVE-2019-20444

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...

9.1CVSS7.2AI score0.08914EPSS
Exploits1
n0where
n0where
added 2017/09/26 4:54 a.m.47 views

Advanced Policy Firewall: APF

Advanced Policy Firewall APF is an iptablesnetfilter based firewall system designed around the essential needs of today’s Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an...

7.1AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/08/18 12:0 a.m.7 views

The vulnerability of the Oniguruma library, related to writing beyond the buffer boundaries on the stack, allows a hacker to cause a service failure.

The vulnerability of the Oniguruma library exists due to the improper handling of the code position 0xFFFFFFFF in the unicodeunfoldkey function during the compilation of regular expressions. As a result, when the nigencunicodegetcasefoldcodesbystr function is called, 4 bytes will be written at th...

7.5CVSS7.2AI score0.0308EPSS
Exploits1References3Affected Software3
OSV
OSV
added 2017/07/07 6:29 p.m.3 views

CVE-2017-11100

When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swfFoldSprite function in lib/rxfswf.c...

8.8CVSS5.8AI score0.01421EPSS
Exploits1References1
CNVD
CNVD
added 2017/05/26 12:0 a.m.15 views

Oniguruma 'onigenc_unicode_get_case_fold_codes_by_str()' function stack buffer overflow vulnerability

mbstring Multi-Byte String is a language encoding extension library in PHP PHP: Hypertext Preprocessor; Oniguruma-mod is a regular expression library in Ruby programming language.Oniguruma is one of the a regular expression engine. A stack buffer overflow vulnerability exists in the...

9.8CVSS7.2AI score0.0308EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2011/01/10 12:0 a.m.18 views

WikLink 0.1.3 SQL Injection

www.eVuln.com advisory: "fold" and "site" SQL Injections in WikLink Summary: http://evuln.com/vulns/172/summary.html Details: http://evuln.com/vulns/172/description.html -----------Summary----------- eVuln ID: EV0172 Software: WikLink Vendor: n/a Version: 0.1.3 Critical Level: medium Type: SQL...

0.1AI score
Exploits0
myhack58
myhack58
added 2009/09/22 12:0 a.m.17 views

DB2 database ASCII half-fold method-injection method-vulnerability warning-the black bar safety net

Go from:Zhu Commander-in-chief DB2 database ASCII half-fold method injection method UNION way is temporarily not available. research, the air then toss, the project has encountered a DB2 database, the Internet wasn't full of information, shoving the whole of this part, the first Strip and the...

1.9AI score
Exploits0
Metasploit
Metasploit
added 2008/07/08 2:21 p.m.13 views

UoW pop2d Remote File Retrieval Vulnerability

This module exploits a vulnerability in the FOLD command of the University of Washington ipop2d service. By specifying an arbitrary folder name it is possible to retrieve any file which is world or group readable by the user ID of the POP account. This vulnerability can only be exploited with a...

7.4AI score
Exploits0
OSV
OSV
added 2005/07/26 4:0 a.m.2 views

DEBIAN-CVE-2005-2368

vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the 1 glob or 2 expand commands of a foldexpr expression for calculating fold levels...

9.3CVSS7.7AI score0.02726EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2005/07/26 4:0 a.m.30 views

CVE-2005-2368

vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the 1 glob or 2 expand commands of a foldexpr expression for calculating fold levels...

9.3CVSS7.2AI score0.02726EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.8 views

ipop2d fold Command Arbitrary File Access

Binary data 1783.prm...

7.3AI score
Exploits0
CVE
CVE
added 2000/03/22 5:0 a.m.52 views

CVE-1999-0920

CVE-1999-0920 affects the pop-2d POP daemon in the IMAP package. The root cause is a buffer overflow triggered by the FOLD command, enabling remote attackers to gain privileges. Public references describe the issue as high-severity with a network‑vectored, low‑complexity exploit and a CVSS v2 bas...

10CVSS7.2AI score0.32367EPSS
Exploits0References1Affected Software2
NVD
NVD
added 1999/05/26 4:0 a.m.16 views

CVE-1999-0920

Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command...

10CVSS7.2AI score0.32367EPSS
Exploits0References1
Rows per page
Query Builder