IBM HTTP Server 6.1.0.0 <= 6.1.0.47 / 7.0.0.0 < 7.0.0.39 / 8.0.0.0 < 8.0.0.12 / 8.5.0.0 < 8.5.5.7 Stack Buffer Overflow (536441)

The version of IBM HTTP Server running on the remote host is affected by a stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and...

Backdoor.Win32.Infexor.b Remote SEH Stack Buffer Overflow

Discovery / credits: malvuln - Malvuln.com c 2021 Original source: http://malvuln.com/advisory/34c09f7fd6668c89a59ebdc8f12d1e7b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Infexor.b Vulnerability: Buffer Overflow Description: Remote SEH Stack Buffer Overflow...

IBM HTTP Server 8.5.0.0 <= 8.5.5.0 / 8.0.0.0 <= 8.0.0.6 / 7.0.0.0 <= 7.0.0.29 / 6.1.0.0 <= 6.1.0.45 (227047)

The version of IBM HTTP Server running on the remote host is affected by a vulnerability. moddav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service segmentation fault via a MERGE reques...

CVE-2020-25066

A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service crash/reset or to possibly execute arbitrary code...

Heap overflow

A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service crash/reset or to possibly execute arbitrary code...

CVE-2020-25066

A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service crash/reset or to possibly execute arbitrary code...

CVE-2020-25066

The CVE-2020-25066 issue is a heap-based buffer overflow in the Treck HTTP Server component prior to version 6.0.1.68. Exploitation could cause a denial of service (crash/reset) and, in some cases, may allow arbitrary code execution on affected devices. This vulnerability is triggered via the Tre...

CVE-2020-29596

MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service daemon crash via a long name for the first parameter in a POST request...

Cross site request forgery (csrf)

MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service daemon crash via a long name for the first parameter in a POST request...

CVE-2020-29596

MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service daemon crash via a long name for the first parameter in a POST request...

CVE-2020-29596

CVE-2020-29596 affects MiniWeb HTTP server 0.8.19. The vulnerability lets remote attackers cause a denial of service (daemon crash) by sending a long name for the first parameter in a POST request. Public references (e.g., Exploit-DB, Packet Storm) exist; technical details in the updated document...

Treck TCP/IP stack denial of service vulnerability

Treck TCP/IP is a suite of TCP Transmission Control Protocol/IP Internet Interconnection Protocol from Treck, Inc. dedicated to embedded systems. A denial of service vulnerability exists in Treck TCP/IP stack version 6.0.1.67 and prior versions, which stems from a vulnerability in the Treck HTTP...

Treck TCP/IP 缓冲区错误漏洞

Treck TCP/IP is a suite of TCP Transmission Control Protocol/IP Internet Interconnection Protocol from Treck, Inc. dedicated to embedded systems. A denial of service vulnerability exists in Treck TCP/IP stack version 6.0.1.67 and prior versions, which stems from a vulnerability in the Treck HTTP...

Treck TCP/IP Stack (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely Vendor: Treck Inc. Equipment: TCP/IP Vulnerability : Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write The Treck TCP/IP stack may be known by other names such as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2,...

GitLab 11.4.7 - Remote Code Execution (Authenticated)

Exploit Title: GitLab 11.4.7 Authenticated Remote Code Execution No Interaction Required Date: 15th December 2020 Exploit Author: Mohin Paramasivam Shad0wQu35t Software Link: https://about.gitlab.com/ POC: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ Tested on...

IBM HTTP Server 8.5.0.0 <= 8.5.5.5 / 8.0.0.0 <= 8.0.0.10 / 7.0.0.0 <= 7.0.0.37 Information Disclosure (260001)

The version of IBM HTTP Server running on the remote host is affected by a vulnerability. The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct...

IBM HTTP Server 7.0.0.0 < 7.0.0.43 / 8.0.0.0 < 8.0.0.13 / 8.5.0.0 < 8.5.5.11 / 9.0.0.0 < 9.0.0.1 HTTP Redirect (548223)

The version of IBM HTTP Server running on the remote host is affected by an HTTP redirect vulnerability related to Apache HTTP Server. The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in th...

IBM HTTP Server 6.1.0.0 <= 6.1.0.47 / 7.0.0.0 < 7.0.0.39 / 8.0.0.0 < 8.0.0.12 / 8.5.0.0 < 8.5.5.7 HTTP Request Smuggling (533835)

The version of IBM HTTP Server running on the remote host is affected by an HTTP request smuggling vulnerability related to Apache HTTP Server. The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers t...

IBM HTTP Server 7.0.0.0 < 7.0.0.33 / 8.0.0.0 < 8.0.0.9 / 8.5.0.0 < 8.5.5.2 Buffer Overflow (244199)

The version of IBM HTTP Server running on the remote host is affected by a vulnerability related to Apache HTTP Server. The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which...

IBM HTTP Server 8.5.0.0 <= 8.5.5.1 / 8.0.0.0 <= 8.0.0.8 / 7.0.0.0 <= 7.0.0.31 / 6.1.0.0 <= 6.1.0.47 (242057)

The version of IBM HTTP Server running on the remote host is affected by a vulnerability. The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service segmentation fault and daemon crash via a craft...