1746 matches found
CVE-2019-11066
openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method...
CVE-2019-11066
CVE-2019-11066 affects LightOpenID up to version 1.3.1, where openid.php is vulnerable to SSRF via a crafted OpenID 2.0 assertion request that uses HTTP GET. The vulnerability originates in LightOpenID’s handling of OpenID 2.0 assertion requests, enabling server-side requests to arbitrary destina...
Rockwell Automation/Allen-Bradley MicroLogix Controllers <= 16.00 Information Exposure
Binary data 720124.prm...
Remote Code Execution
Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. A cross-site scripting (XSS) flaw was found in the way the Red Hat Satellite web interface...
CVE-2019-11488
Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser histor...
Improper access control
Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser histor...
Foscam IP Camera Remote Detection
Detects the installation of Foscam...
Integer overflow
DISPUTED: lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in...
CVE-2019-11072
The issue is in lighttpd before 1.4.54 where a signed integer overflow in burl_normalize_2F_to_slash_fix could be triggered by crafted input via HTTP GET requests, potentially causing a denial of service (application crash) and possibly other impact. The vulnerability is tied to a feature introdu...
CVE-2019-11072
lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE:...
PT-2019-5414 · Lighttpd +1
Name of the Vulnerable Software and Affected Versions: lighttpd versions prior to 1.4.54. Description: The issue is related to a signed integer overflow in lighttpd, which could allow remote attackers to cause a denial of service (application crash) or possibly have other unspecified impacts via a...
CVE-2019-6531
An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 or Software Version 1.1.13166 if the attacker is in an MITM position...
Design/Logic Flaw
An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 or Software Version 1.1.13166 if the attacker is in an MITM position...
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...
GHSA-VRH8-27Q8-FR8F Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...
Server side request forgery (ssrf)
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...
CVE-2017-3164
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...