CVE-2024-47789 Credential Leakage Vulnerability
UNSUPPORTED WHEN ASSIGNED: This vulnerability exists in D3D Security IP Camera D8801 due to usage of a weak authentication scheme of the HTTP header protocol where the authorization tag contains a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting an HTTP...
CVE-2024-47789
The CVE-2024-47789 entry concerns D3D Security IP Camera D8801. The vulnerability arises from a weak authentication scheme in the HTTP header protocol, where the authorization tag contains a Base-64 encoded username and password. A remote attacker could exploit this by crafting an HTTP packet, re...
net/http: Denial of service due to improper 100-continue handling in net/http
A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...
CVE-2024-8890
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being establish...
CVE-2024-8890
CVE-2024-8890 affects CIRCUTOR Q-SMT devices running firmware 1.0.4. The root issue is that the device only implements the HTTP protocol, preventing a secure channel and enabling an attacker with network access to obtain legitimate credentials or steal sessions. The exploitation context is networ...
CVE-2024-8890 Insertion of Sensitive Information Into Sent Data vulnerability on CIRCUTOR Q-SMT
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being establish...
MS15-034 HTTP Protocol Stack Request Handling HTTP.SYS Memory Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS15-034 HTTP Protocol Stack Request Handling HTTP.SYS Memory Information Disclosure', 'Description' = %q This module dumps memory contents using...
MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service', 'Description' = %q This module will check if scanned hosts are vulnerable to...
Windows IIS HTTP Protocol Stack Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows IIS HTTP Protocol Stack DOS', 'Description' = %q This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafte...
Medium: oci-add-hooks
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
The vulnerability of the Quality Management Specs component in the Oracle Process Manufacturing (OPM) application for process management systems in the Oracle E-Business Suite allows a malicious individual to gain unauthorized access to read, modify, or delete data.
The vulnerability of the Quality Management Specs component in the Oracle Process Manufacturing (OPM) application for process development involves deficiencies in the authorization procedures. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read, modify, or dele...
The vulnerability of the Personalization component of the Oracle Applications Framework, a web application development platform, within the Oracle E-Business Suite, allows an intruder to gain unauthorized access to read, modify, or delete data.
The vulnerability of the Personalization component of the Oracle Applications Framework, a platform for developing web applications in enterprise automation systems within the Oracle E-Business Suite, is related to improper authentication. Exploiting this vulnerability allows an attacker to gain...
The vulnerability of the GL Accounts component of the Oracle Trade Management software, a part of the Oracle E-Business Suite, allows an attacker to gain unauthorized access to read, modify, or delete data.
The vulnerability of the GL Accounts component of the Oracle Trade Management software, a part of the Oracle E-Business Suite, relates to improper authorization. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data...
The vulnerability of the Allocation Rules component in the financial management tool of the Oracle Process Manufacturing Financials system, a part of the Oracle E-Business Suite, allows an intruder to gain unauthorized access to read, modify, or delete data.
The vulnerability of the Allocation Rules component in the financial management tool of the Oracle Process Manufacturing Financials system, part of the Oracle E-Business Suite, is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker,...
CVE-2024-40620 Rockwell Automation Pavilion8® Unencrypted Data Vulnerability via HTTP protocol
CVE-2024-40620 IMPACT: A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the...
The vulnerability of the Work Definition component in the Oracle Enterprise Asset Management application for enterprise asset management systems within the Oracle E-Business Suite allows a malicious actor to gain unauthorized access to read, modify, or delete data.
The vulnerability of the Work Definition component in the Oracle Enterprise Asset Management application for enterprise asset management is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to rea...
Man-in-the-middle (MitM) Attack
github.com/codenotary/immudb is vulnerable to a man-in-the-middle (MitM) attack. The vulnerability is due to the use of the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, which allows an attacker to intercept communications between the client and server...
CVE-2024-41262
immudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, possibly allowing attackers to intercept communications via a man-in-the-middle attack...