Lucene search
+L

35 matches found

bdu_fstec
bdu_fstec
added 2020/12/18 12:0 a.m.6 views

The vulnerability of the Node.js software platform is related to an error in handling HTTP headers, which allows attackers to trigger a service failure.

The vulnerability of the Node.js software platform is related to an error in handling HTTP header names. Exploiting this vulnerability can allow a remote attacker to cause service failures...

7.5CVSS6.5AI score0.08794EPSS
Exploits0References9Affected Software3
osv
osv
added 2019/12/04 5:28 p.m.4 views

USN-4213-1 squid, squid3 vulnerabilities

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. CVE-2019-12523 Jeriko One...

9.8CVSS6.8AI score0.40982EPSS
Exploits0References8
osv
osv
added 2019/11/17 7:22 p.m.10 views

OPENSUSE-SU-2019:2522-1 Security update for go1.12

This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling bsc1152082. - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys bsc1154402. Non-security issue fixed:...

7.5CVSS7.7AI score0.05157EPSS
Exploits1References6
osv
osv
added 2019/11/11 12:6 p.m.8 views

SUSE-SU-2019:2940-1 Security update for go1.12

This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling bsc1152082. - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys bsc1154402. Non-security issue fixed:...

7.5CVSS7.5AI score0.05157EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2019/08/16 12:0 a.m.4 views

PT-2019-3170 · Cisco · Cisco Firepower Services Software For Asa +2

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense Software affected versions not specified Cisco FirePOWER Services Software for ASA affected versions not specified Cisco Firepower Management Center Software affected versions not specified Description: The issu...

5.8CVSS7.2AI score0.00975EPSS
Exploits0References3
nvd
nvd
added 2017/07/17 1:18 p.m.20 views

CVE-2017-1000059

Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users...

6.1CVSS6.2AI score0.01132EPSS
Exploits0References1
cvelist
cvelist
added 2017/07/13 8:0 p.m.25 views

CVE-2017-1000059

Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users...

6.2AI score0.01132EPSS
Exploits0References1
cnvd
cnvd
added 2016/07/28 12:0 a.m.7 views

Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability

Cisco FireSIGHT System Software is the United States Cisco Cisco company's set of management center software, which supports the centralized management of the use of FirePOWER Services Cisco ASA and Cisco FirePOWER network security appliances network security and operational functions of the...

7.5CVSS6.9AI score0.02113EPSS
Exploits0References1
appercut
appercut
added 2016/06/01 12:0 a.m.681 views

LogicalDoc Document Managment System CE: source code security analysis report

Several vulnerabilities were discovered in LogicalDOC 'LogicalDoc Document Managment System CE' software: Утечка пользовательских данных между сессиями Использование XSL трансформации для исполнения произвольного кода Отсутствие верификации цифровой подписи исполняемых файлов, полученных из...

8.1AI score
Exploits0References1Affected Software1
nessus
nessus
added 2014/10/21 12:0 a.m.108 views

IBM WebSphere Application Server 7.0 < Fix Pack 35 Multiple Vulnerabilities

The remote host is running a version of IBM WebSphere Application Server 7.0 prior to Fix Pack 35. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that could allow remote code execution or denial of service...

6.8CVSS7.5AI score0.85744EPSS
Exploits7References14
metasploit
metasploit
added 2013/06/04 1:53 p.m.73 views

MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution

This module exploits the MiniUPnP 1.0 SOAP stack buffer overflow vulnerability present in the SOAPAction HTTP header handling. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MiniUPnPd 1.0 Stac...

10CVSS0.9AI score0.69151EPSS
Exploits14
zdt
zdt
added 2012/12/20 12:0 a.m.71 views

FireFly Mediaserver 1.0.0.1359 NULL Pointer Dereference

FireFly Mediaserver version 1.0.0.1359 suffers from a denial of service vulnerability that can be triggered by a NULL pointer dereference. Product: FireFly Mediaserver Vendor: FireFly Vulnerable Versions: 1.0.0.1359 and probably prior Tested Version: 1.0.0.1359 in Windows 7 SP1 Vendor Notificatio...

5CVSS0.1AI score0.10814EPSS
Exploits6
openvas
openvas
added 2011/01/31 12:0 a.m.10 views

Weborf 'get_param_value()' Function HTTP Header Handling Denial Of Service Vulnerability

Weborf is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Versions prior to Weborf 0.12.5 are vulnerable. OpenVAS Vulnerability Test $Id: gbweborf46054.nasl 7015 2017-08-28 11:51:24Z teissa...

0.1AI score
Exploits0References3
nessus
nessus
added 2010/12/29 12:0 a.m.30 views

Novell iPrint Client < 5.56 Multiple Vulnerabilities

The version of Novell iPrint Client installed on the remote host is earlier than 5.56. Such versions are reportedly affected by one or more of the following vulnerabilities that can allow for arbitrary code execution : - The iPrint ActiveX control fails to sanitize input to the 'GetDriverSettings...

9.3CVSS6.2AI score0.32951EPSS
Exploits11References16
nessus
nessus
added 2002/08/14 12:0 a.m.33 views

Web Server HTTP Header Handling Remote Overflow

It was possible to kill the web server by sending an invalid request with a long header name or value. A remote attacker may exploit this vulnerability to make the web server crash continually or even execute arbitrary code. C Tenable Network Security, Inc. include"compat.inc"; if description...

6AI score
Exploits0
Rows per page
Query Builder