43 matches found

CVE
added 2023/08/15 6:25 p.m. · 52 views

CVE-2023-4336

CVE-2023-4336 affects Broadcom RAID Controller web interface. Root cause: insecure default HTTP configuration that fails to set the Secure attribute on cookies. Reported impact includes high confidentiality, integrity, and availability concerns (networks exploitability with no user interaction; b...

9.8 CVSS · 9.5 AI score · 0.00588 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/08/15 6:25 p.m. · 17 views

CVE-2023-4336 Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute...

9.6 AI score · 0.00588 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/08/15 12:0 a.m. · 4 views

PT-2023-28815 · Broadcom · Broadcom Raid Controller

Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller affected versions not specified Description: The Broadcom RAID Controller web interface is vulnerable due to an insecure default HTTP configuration that does not provide X-Content-Type-Options Headers. This issue...

9.8 CVSS · 9.3 AI score · 0.00588 EPSS
Exploits 0 · References 6
NVD
added 2023/02/06 9:15 p.m. · 24 views

CVE-2022-48311

UNSUPPORTED WHEN ASSIGNED Cross Site Scripting XSS in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products tha...

9 CVSS · 8.4 AI score · 0.01006 EPSS
Exploits 1 · References 1
Prion
added 2023/02/06 9:15 p.m. · 20 views

Cross site scripting

UNSUPPORTED WHEN ASSIGNED Cross Site Scripting XSS in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products tha...

6 CVSS · 8.2 AI score · 0.01006 EPSS
Exploits 1 · References 1 · Affected Software 1
ATTACKERKB
added 2023/02/01 2:15 p.m. · 1 view

CVE-2023-23127

In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP rather than HTTPS during troubleshooting...

5.3 CVSS · 6.1 AI score · 0.00313 EPSS
Exploits 0 · References 2
Veracode
added 2022/03/22 8:0 a.m. · 24 views

Denial Of Service (DoS)

github.com/Dreamacro/clash is vulnerable to denial of service. The vulnerability exists because the library does not limit the http or https configuration files, allowing an attacker to crash the application by providing an embedded malicious iframe with a crafted URL...

8.8 CVSS · 1.2 AI score · 0.00634 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2021/04/01 12:0 a.m. · 7 views

PT-2021-7303 · Eclipse +1 · Eclipse Jetty +1

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.37.v20210219 through 9.4.38.v20210224 Description: The default compliance mode in Eclipse Jetty allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF director...

7.8 CVSS · 5.9 AI score · 0.82371 EPSS
Exploits 11 · References 98
RedhatCVE
added 2020/08/03 2:15 p.m. · 28 views

CVE-2020-14325

A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request. Mitigation Red Hat recommends upgrading to secured released versions, however, this flaw can be...

6.4 CVSS · 1.3 AI score · 0.01087 EPSS
Exploits 0 · References 4
OSV
added 2018/07/11 1:29 p.m. · 1 view

UBUNTU-CVE-2018-8007

Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user th...

7.2 CVSS · 7.4 AI score · 0.11681 EPSS
Exploits 3 · References 5
Prion
added 2017/12/04 7:29 p.m. · 12 views

Information disclosure

An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file...

5 CVSS · 5.1 AI score · 0.01445 EPSS
Exploits 0 · References 1 · Affected Software 1
NVD
added 2017/12/04 7:29 p.m. · 14 views

CVE-2017-12080

An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file...

5.3 CVSS · 5.1 AI score · 0.01445 EPSS
Exploits 0 · References 1
CVE
added 2017/12/04 7:0 p.m. · 50 views

CVE-2017-12080

CVE-2017-12080 affects Synology Photo Station prior to 6.8.1-3458 and prior to 6.3-2970. An information-disclosure vulnerability exists in the default HTTP configuration file that can let remote attackers obtain sensitive system information via an .htaccess file. The root cause is exposure via th...

5.3 CVSS · 5.1 AI score · 0.01445 EPSS
Exploits 0 · References 1 · Affected Software 1
OpenVAS
added 2015/10/29 12:0 a.m. · 26 views

Apple Mac OS X Web Service component (HTTP header) Security Bypass Vulnerability

Apple Mac OS X is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:apple:osxserver";...

5 CVSS · 5.2 AI score · 0.01983 EPSS
Exploits 0 · References 2
seebug.org
added 2014/07/01 12:0 a.m. · 17 views

Cisco IOS 11.x/12.x HTTP Configuration Arbitrary Administrative Access Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/2936/info IOS is router firmware developed and distributed by Cisco Systems. IOS functions on numerous Cisco devices, including routers and switches. It is possible to gain full remote administrative access on devices usi...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 24 views

Cisco IOS 11.x/12.x HTTP Configuration Arbitrary Administrative Access Vulnerability (4)

No description provided by source. source: http://www.securityfocus.com/bid/2936/info IOS is router firmware developed and distributed by Cisco Systems. IOS functions on numerous Cisco devices, including routers and switches. It is possible to gain full remote administrative access on devices usi...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 17 views

Cisco IOS 11.x/12.x HTTP Configuration Arbitrary Administrative Access Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/2936/info IOS is router firmware developed and distributed by Cisco Systems. IOS functions on numerous Cisco devices, including routers and switches. It is possible to gain full remote administrative access on devices usi...

7.1 AI score
Exploits 0
Tenable Nessus
added 2007/01/30 12:0 a.m. · 585 views

HyperText Transfer Protocol (HTTP) Information

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc... This test is informational only and does not denote any security problem. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid24260;...

5.5 AI score
Exploits 0
Tenable Nessus
added 2004/08/18 12:0 a.m. · 15 views

Communigate Pro < 3.2 HTTP Configuration Port Remote Overflow

Binary data 1502.prm...

5 CVSS · 7.3 AI score · 0.01531 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2004/08/18 12:0 a.m. · 14 views

CommuniGate Pro < 3.2 HTTP Configuration Port Remote Overflow (deprecated)

Binary data 2006.prm...

5 CVSS · 7.3 AI score · 0.01531 EPSS
Exploits 0 · References 2