55 matches found
Debut Embedded HTTPd 1.20 - Denial of Service
Exploit Title: Remote un-authenticated DoS in Debut embedded httpd server in Brother printers Date: 11/02/2017 Exploit Author: z00n @0xz00n Vendor Homepage: http://www.brother-usa.com Version: = 1.20 CVE : CVE-2017-16249 Description: The Debut embedded http server contains a remotely exploitable...
Denial of Service
Overview Versions of hapi prior to 11.1.3 are affected by a denial of service vulnerability. The vulnerability is triggered when certain input is passed into the If-Modified-Since or Last-Modified headers. This causes an 'illegal access' exception to be raised, and instead of sending a HTTP 500...
Enter: Error stack trace
Make request removed csrf token in POST data POST /settings HTTP/1.1 Host: wallet.robocoin.com User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.9; rv:34.0 Gecko/20100101 Firefox/34.0 Accept: / Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type:...
Macromedia Sitespring 1.2 Default Error Page Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5249/info Macromedia Sitespring is a J2EE-compliant product for managing website production. The Macromedia Sitespring server runs on Microsoft Windows operating systems. A cross-site scripting issue has been reported in...
HTTP 500 Detection
Binary data 6844.prm...
Ruby On Rails Attributes Mass Assignment Scanner
This module scans Ruby On Rails sites for models with attributes not protected by attrprotected or attraccessible. After attempting to assign a non-existent field, the default rails with activerecord setup will raise an ActiveRecord::UnknownAttributeError exception, and reply with HTTP code 500...
Get 500 when trying to communicate to confluence via trusted apps.
Steps to reproduce. 1 Install confluence 2.9.2 and crucible 1.6.5 2 Setup trusted apps to crucible specify a "IP address Matches as 10.0.100.123 3 Install the confluence crucible plugin...
Get 500 when trying to communicate to confluence via trusted apps.
Steps to reproduce. 1 Install confluence 2.9.2 and crucible 1.6.5 2 Setup trusted apps to crucible specify a "IP address Matches as 10.0.100.123 3 Install the confluence crucible plugin...
Get 500 when trying to communicate to confluence via trusted apps.
Steps to reproduce. 1 Install confluence 2.9.2 and crucible 1.6.5 2 Setup trusted apps to crucible specify a "IP address Matches as 10.0.100.123 3 Install the confluence crucible plugin...
Microsoft Exchange OWA 长用户名拒绝服务漏洞
微软Exchange OWAOutlook Web Access组件存在一个拒绝服务漏洞。当使用很多"%"作 为用户名和口令登录时,OWA会返回HTTP 500 - Internal server error信息。用户将不 能通过IE进行登录。据报告说WWW发布服务和IIS管理服务会停止响应。 Microsoft Exchange Server 5.5 SP4 Microsoft Exchange Server 5.5 SP3 Microsoft Exchange Server 5.5 SP2 Microsoft Exchange Server 5.5 SP1 Microsoft...
CVE-2007-1504
Cross-site scripting XSS vulnerability in the Servlet Service in Fujitsu Interstage Application Server IJServer 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes...
CVE-2002-1027
Cross-site scripting vulnerability in the default HTTP 500 error script 500error.jsp for Macromedia Sitespring 1.2.0 277.1 allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter...
CVE-2002-1027
Cross-site scripting vulnerability in the default HTTP 500 error script 500error.jsp for Macromedia Sitespring 1.2.0 277.1 allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter...
CVE-2002-0245
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to 1 determine the physical path of the server via a request for a nonexistent file with a .pl Perl extension, which leaks the pathname in the error message, or 2 make any request that causes an HTTP 500 error, which leaks th...
CVE-2002-0245
CVE-2002-0245 affects Lotus Domino server 5.0.8 with NoBanner enabled. The vulnerability enables two information disclosures: (1) by requesting a non-existent file with a .pl extension, an error message reveals the server’s physical path; (2) any request that triggers an HTTP 500 error leaks the ...