11638 matches found
Apache Httpd < 2.4.42 : mod_rewrite CWE-601 open redirect
In Apache HTTP Server versions 2.4.0 to 2.4.41 some modrewrite configurations vulnerable to open redirect...
Novell HTTP Server Detection
Checks whether Novell HTTP Server is present on the target system and if so, tries to figure out the installed version. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the...
The vulnerability of the mod_ssl component in the Apache HTTP Server web server allows attackers to circumvent the configured access control restrictions.
The vulnerability of the modssl component in the Apache HTTP Server is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to circumvent established access control restrictions when using client certificate verification with TLSv1.3...
The vulnerability of the mod_proxy module in the Apache HTTP Server allows a hacker to redirect users to a malicious website through a specially crafted web page.
The vulnerability of the modproxy module in the Apache HTTP Server is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to redirect users to a malicious website using a specially crafted web page...
EulerOS Virtualization for ARM 64 3.0.3.0 : httpd (EulerOS-SA-2019-2311)
According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection,...
Microsoft Visual Studio 2008 Express IDE XML Injection
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-VISUAL-STUDIO-EXPRESS-2008-IDE-XML-EXTERNAL-ENTITY-0Day.txt + ISR: ApparitionSec Vendor www.microsoft.com Product Visual Studio 2008 Express IDE vcsetup.exe File...
The vulnerability of the Jetty HTTP server, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the Jetty HTTP server is related to an uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to cause service failures by sending containers containing SETTINGs, or multiple SETTINGs...
IBM HTTP Server Detection
Checks whether the IBM HTTP Server is present on the target system and if so, tries to figure out the installed version. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of th...
Oracle Linux 8 : php:7.3 (ELSA-2019-3736)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3736 advisory. php 7.3.5-5 - fix underflow in envpathinfo in fpmmain.c CVE-2019-11043 Tenable has extracted the preceding description block directly from the Oracle Linux...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7
An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release
Red Hat JBoss Core Services Pack Apache Server 2.4.37 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Crystal Live HTTP Server 6.01 - Directory Traversal Vulnerability
Exploit for asp platform in category web applications Title: Crystal Live HTTP Server 6.01 - Directory Traversal Author: Numan Türle Vendor Homepage: https://www.genivia.com/ Version : Crystal Quality 6.01.x.x Software Link : https://www.crystalrs.com/crystal-quality-introduction/ POC --------- G...
Crystal Live HTTP Server 6.01 - Directory Traversal
Crystal Live HTTP Server 6.01 - Directory Traversal Title: Crystal Live HTTP Server 6.01 - Directory Traversal Date of found: 2019-11-17 Author: Numan Türle Vendor Homepage: https://www.genivia.com/ Version : Crystal Quality 6.01.x.x Software Link :...
Crystal Live HTTP Server 6.01 - Directory Traversal
Title: Crystal Live HTTP Server 6.01 - Directory Traversal Date of found: 2019-11-17 Author: Numan Türle Vendor Homepage: https://www.genivia.com/ Version : Crystal Quality 6.01.x.x Software Link : https://www.crystalrs.com/crystal-quality-introduction/ POC --------- GET...
Crystal Live HTTP Server 6.01 Directory Traversal
Title: Crystal Live HTTP Server 6.01 - Directory Traversal Date of found: 2019-11-17 Author: Numan Türle Vendor Homepage: https://www.genivia.com/ Version : Crystal Quality 6.01.x.x Software Link : https://www.crystalrs.com/crystal-quality-introduction/ POC --------- GET...
Python -- Regular Expression DoS attack against client
Ben Caller and Matt Schwager reports: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler...
gSOAP 2.8 - Directory Traversal
gSOAP 2.8 - Directory Traversal Title: gSOAP 2.8 - Directory Traversal Author: Numan Türle Date: 2019-11-13 Vendor Homepage: https://www.genivia.com/ Version : gSOAP 2.8 Software Link : https://www.genivia.com/products.htmlgsoap POC --------- GET /../../../../../../../../../etc/passwd HTTP/1.1...
EulerOS 2.0 SP5 : httpd (EulerOS-SA-2019-2157)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes...
XML Notepad 2.8.0.4 - XML External Entity Injection Exploit
Exploit Title: XML Notepad 2.8.0.4 - XML External Entity Injection Exploit Author: 8-Team / daejinoh Vendor Homepage: https://www.microsoft.com/ Software Link: https://github.com/microsoft/XmlNotepad Version: XML Notepad 2.8.0.4 Tested on: Windows 10 Pro CVE : N/A Step 1 File - Open - .xml Exploi...