16600 matches found

OSV
added 2024/07/11 3:15 a.m. | 14 views

CVE-2016-15039

A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajax_functions.js. The manipulation leads to http request smuggling. The attack can be...

CVSS 5.3 | AI score 6.7
Exploits: 0 | References: 3

UbuntuCve
added 2024/07/11 3:15 a.m. | 14 views

CVE-2016-15039

A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajax_functions.js. The manipulation leads to http request smuggling. The attack can be...

CVSS 6.5 | AI score 6.1 | EPSS 0.00426
Exploits: 0 | References: 5

Vulnrichment
added 2024/07/11 2:31 a.m. | 10 views

CVE-2016-15039 mhuertos phpLDAPadmin ajax_functions.js makeHttpRequest request smuggling

A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajax_functions.js. The manipulation leads to http request smuggling. The attack can be...

CVSS 6.5 | AI score 6.8 | EPSS 0.00426
Exploits: 0 | References: 3

Cvelist
added 2024/07/11 2:31 a.m. | 28 views

CVE-2016-15039 mhuertos phpLDAPadmin ajax_functions.js makeHttpRequest request smuggling

A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajax_functions.js. The manipulation leads to http request smuggling. The attack can be...

CVSS 6.5 | EPSS 0.00426
Exploits: 0 | References: 3

CVE
added 2024/07/11 2:31 a.m. | 57 views

CVE-2016-15039

CVE-2016-15039 affects mhuertos phpLDAPadmin up to commit 665dbc2690ebeb5392d38f1fece0a654225a0b38. The vulnerability targets the makeHttpRequest function in htdocs/js/ajax_functions.js and enables http request smuggling. Exploitation is remote. The project does not use versioning, and affected/u...

CVSS 6.5 | AI score 6.3 | EPSS 0.00426
Exploits: 0 | References: 3

Debian CVE
added 2024/07/11 2:31 a.m. | 10 views

CVE-2016-15039

A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajax_functions.js. The manipulation leads to http request smuggling. The attack can be...

CVSS 6.5 | AI score 5.9 | EPSS 0.00426
Exploits: 0

NVD
added 2024/07/09 4:15 p.m. | 22 views

CVE-2024-23663

An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request...

CVSS 8.8 | EPSS 0.0064
Exploits: 0 | References: 1

Cvelist
added 2024/07/09 3:33 p.m. | 20 views

CVE-2024-23663

An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request...

CVSS 8.8 | EPSS 0.0064
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/09 3:33 p.m. | 25 views

CVE-2024-23663

An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request...

CVSS 8.8 | AI score 8.5 | EPSS 0.0064
Exploits: 0 | References: 1

CVE
added 2024/07/09 3:33 p.m. | 67 views

CVE-2024-23663

CVE-2024-23663 describes an improper access-control flaw in Fortinet FortiExtender, allowing an attacker to create users with elevated privileges via a crafted HTTP request. Affected FortiExtender versions span 4.1.1–4.1.9, 4.2.0–4.2.6, 5.3.2, 7.0.0–7.0.4, 7.2.0–7.2.4, and 7.4.0–7.4.2. Public dis...

CVSS 8.8 | AI score 7 | EPSS 0.0064
Exploits: 0 | References: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/07/09 2:38 p.m. | 22 views

Security Bulletin: IBM DataPower Gateway vulnerable to HTTP request smuggling in Node.js (CVE-2024-27982)

Summary Node.js is used by IBM DataPower Gateway in the Gateway Director and UI components. Vulnerability Details CVEID:CVE-2024-27982 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the use of content length obfuscation in the http server. By sending specially crafted HTT...

CVSS 6.5 | AI score 5.7 | EPSS 0.01155
Exploits: 0 | Affected Software: 1

Ubuntu
added 2024/07/09 1:11 a.m. | 38 views

USN-6880-1: Tomcat vulnerability

Sam Shahsavar discovered that Apache Tomcat did not properly reject HTTP requests with an invalid Content-Length header. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks...

CVSS 7.5 | AI score 7.2 | EPSS 0.01448
Exploits: 0

OSV
added 2024/07/09 12:31 a.m. | 11 views

GHSA-CH7Q-GPFF-H9HP Undertow Missing Release of Memory after Effective Lifetime vulnerability

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 6.3 | AI score 5.9 | EPSS 0.01866
Exploits: 0 | References: 14

Github Security Blog
added 2024/07/09 12:31 a.m. | 26 views

Undertow Missing Release of Memory after Effective Lifetime vulnerability

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 | AI score 6.6 | EPSS 0.01866
Exploits: 0 | References: 14 | Affected Software: 1

OpenVAS
added 2024/07/09 12:0 a.m. | 33 views

Ubuntu: Security Advisory (USN-6880-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.1 | EPSS 0.01448
Exploits: 0 | References: 2

NVD
added 2024/07/08 10:15 p.m. | 42 views

CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 | EPSS 0.01866
Exploits: 0 | References: 9

OSV
added 2024/07/08 10:15 p.m. | 26 views

CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 | AI score 6.5 | EPSS 0.01866
Exploits: 0 | References: 9

UbuntuCve
added 2024/07/08 10:15 p.m. | 11 views

CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 | AI score 6.7 | EPSS 0.01866
Exploits: 0 | References: 4

OSV
added 2024/07/08 10:15 p.m. | 3 views

UBUNTU-CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 | AI score 7.1 | EPSS 0.01866
Exploits: 0 | References: 5

Vulnrichment
added 2024/07/08 9:21 p.m. | 13 views

CVE-2024-3653 Undertow: learningpushhandler can lead to remote memory dos attacks

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

CVSS 5.3 | AI score 6.6 | EPSS 0.01866
Exploits: 0 | References: 8