3707 matches found
Design/Logic Flaw
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field...
CVE-2018-15700
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field...
CVE-2018-15701
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field...
CVE-2018-15701
CVE-2018-15701 affects TP-Link TL-WRN841N (firmware 0.9.1 4.16 v0348.0) where the web interface is vulnerable to a denial-of-service when an unauthenticated LAN user sends a crafted HTTP header with an unexpected Cookie field. The issue is triggered via the web management interface; the precise r...
CVE-2018-15700
The CVE-2018-15700 issue affects TP-Link TL-WRN841N running 0.9.1 4.16 v0348.0 where an unauthenticated LAN user can trigger a denial of service by sending a crafted HTTP header with an unexpected Referer field. Public documentation/connected sources describe the vulnerability in the device web i...
SQL injection
zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header...
CVE-2018-17136
zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header...
CVE-2018-17136
CVE-2018-17136 affects ZZCMS v8.3, with a SQL Injection in /user/check.php exploitable via the Client-Ip HTTP header. Root cause is improper handling of the header leading to SQL command injection. Exploitation details are not provided beyond the architectural description; CVSS metrics indicate a...
Monstra CMS HTTP Header Injection Vulnerability
Monstra CMS is a lightweight PHP-based content management system (CMS) developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, is scalable, and so on. An HTTP header injection vulnerability exists in the 'cfg' parameter of the...
CVE-2018-16979
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943...
Design/Logic Flaw
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943...
CVE-2018-16979
CVE-2018-16979 affects Monstra CMS 3.0.4. The Nuclei template and related descriptions confirm an HTTP header injection vulnerability in plugins/captcha/crypt/cryptographp.php cfg parameter, allowing an attacker to craft input that can redirect users to attacker-controlled domains, enable cache p...
CVE-2018-16832
CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header...
Design/Logic Flaw
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appears to be exploitable via a custom HTTP header passed by the client. This vulnerability appears to have been fixed in 2.3.0...
CVE-2016-1000232
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appears to be exploitable via a custom HTTP header passed by the client. This vulnerability appears to have been fixed in 2.3.0...
D-Link DIR-615 - Denial of Service (PoC)
D-Link DIR-615 - Denial of Service PoC. Exploit Title: D-Link DIR-615 - Denial of Service PoC; Date: 2018-08-09; Vendor Homepage: http://www.dlink.co.in; Hardware Link: https://www.amazon.in/D-Link-DIR-615-Wireless-N300-Router-Black/dp/B0085IATT6; Version: D-Link DIR-615; Category: Hardware; Exploit...