11647 matches found

Cvelist, added 2019/07/30 8:22 p.m., 23 views

CVE-2019-5457

Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in a victim's browser...

AI score: 5.4, EPSS: 0.00709
Exploits: 1, References: 1
CVE, added 2019/07/30 8:22 p.m., 57 views

CVE-2019-5457

CVE-2019-5457 concerns a cross-site scripting (XSS) vulnerability in min-http-server (all versions). The root cause is failure to sanitize filenames in directory listings, allowing an attacker with access to the server file system to inject malicious characters into filenames and have JavaScript ...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00709
Exploits: 1, References: 1, Affected Software: 1
Hacker One, added 2019/07/27 5:44 a.m., 52 views

Ruby: WEBrick::HTTPAuth::DigestAuth authentication is vulnerable to regular expression denial of service (ReDoS)

The private instance method splitparamvalue in class WEBrick::HTTPAuth::DigestAuth uses a regular expression that is vulnerable to denial of service due to catastrophic backtracking. The regular expression is: ^\s\w-.\%!+=\s"\.|^""\s,? Source:...

AI score: 0.4
Exploits: 0
OSV, added 2019/07/26 1:15 p.m., 2 views

CVE-2019-13955

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected...

CVSS: 6.5, AI score: 6.8, EPSS: 0.03754
Exploits: 0, References: 2
OSV, added 2019/07/26 1:15 p.m., 3 views

CVE-2019-13954

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected...

CVSS: 6.5, AI score: 5.8, EPSS: 0.04258
Exploits: 0, References: 2
NVD, added 2019/07/26 1:15 p.m., 14 views

CVE-2019-13954

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected...

CVSS: 6.8, AI score: 6.5, EPSS: 0.04258
Exploits: 0, References: 2
Prion, added 2019/07/26 1:15 p.m., 15 views

Code injection

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected...

CVSS: 4, AI score: 6.5, EPSS: 0.03754
Exploits: 0, References: 2, Affected Software: 1
Prion, added 2019/07/26 1:15 p.m., 16 views

Code injection

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected...

CVSS: 6.8, AI score: 6.4, EPSS: 0.04258
Exploits: 0, References: 2, Affected Software: 1
Cvelist, added 2019/07/26 12:15 p.m., 19 views

CVE-2019-13954

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected...

AI score: 6.6, EPSS: 0.04258
Exploits: 0, References: 2
CVE, added 2019/07/26 12:15 p.m., 433 views

CVE-2019-13954

CVE-2019-13954 – MikroTik RouterOS before 6.44.5 is affected by a memory-exhaustion DoS vulnerability in the HTTP server. An authenticated remote attacker can send a crafted HTTP request to crash the HTTP server and, in some cases, reboot the system. Malicious code injection is not possible. The ...

CVSS: 6.8, AI score: 6.5, EPSS: 0.04258
Exploits: 0, References: 2, Affected Software: 1
Cvelist, added 2019/07/26 12:13 p.m., 22 views

CVE-2019-13955

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected...

AI score: 6.6, EPSS: 0.03754
Exploits: 0, References: 2
Hacker One, added 2019/07/26 4:48 a.m., 30 views

Node.js third-party modules: [script-manager] Unintended require

I would like to report Unintended Require in script-manager. It allows loading arbitrary non-production code js files. Module name: script-manager; version: 0.8.6; npm page: https://www.npmjs.com/package/script-manager; Module Description: node.js manager for running foreign and potentially...

CVSS: 7.5, EPSS: 0.02871
Exploits: 1
Veracode, added 2019/07/25 5:30 a.m., 17 views

Cross-site Scripting (XSS)

min-http-server is vulnerable to cross-site scripting (XSS). The attack is due to a lack of sanitization of filenames before they are rendered as HTML in the directory listing page...

CVSS: 5.4, AI score: 5.1, EPSS: 0.00709
Exploits: 1, References: 2, Affected Software: 1
NVD, added 2019/07/23 11:15 p.m., 34 views

CVE-2019-2751

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: OHS Config MBeans. Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...

CVSS: 5.9, AI score: 5.5, EPSS: 0.01422
Exploits: 0, References: 1
OSV, added 2019/07/23 11:15 p.m., 4 views

CVE-2019-2751

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: OHS Config MBeans. Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...

CVSS: 5.9, AI score: 6.5, EPSS: 0.01422
Exploits: 0, References: 1
CVE, added 2019/07/23 10:31 p.m., 68 views

CVE-2019-2751

CVE-2019-2751 affects Oracle Fusion Middleware Oracle HTTP Server (OHS Config MBeans) with affected versions 12.1.3.0.0 and 12.2.1.3.0. The vulnerability allows an unauthenticated attacker with network access via HTTPS to read/modify data, enabling unauthorized access to Oracle HTTP Server data. ...

CVSS: 5.9, AI score: 5.5, EPSS: 0.01422
Exploits: 0, References: 1, Affected Software: 1
IBM Security Bulletins, added 2019/07/23 5:45 p.m., 43 views

Security Bulletin: Rational Build Forge Security Advisory for Apache HTTP Server (CVE-2019-0196; CVE-2019-0197; CVE-2019-0211; CVE-2019-0215; CVE-2019-0217; and CVE-2019-0220)

Summary: Apache HTTP Server has security vulnerabilities that allow a remote attacker to exploit the application. The respective security vulnerabilities are discussed in detail in the subsequent sections. Vulnerability Details: This section includes the vulnerability details that affect the Rational...

CVSS: 7.8, AI score: 0.9, EPSS: 0.65005
Exploits: 8, Affected Software: 1
OSV, added 2019/07/19 3:15 p.m., 11 views

CVE-2019-13980

In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx...

CVSS: 8.8, AI score: 7.8
Exploits: 0, References: 1
Prion, added 2019/07/19 3:15 p.m., 17 views

Remote code execution

In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx...

CVSS: 6.8, AI score: 9, EPSS: 0.0245
Exploits: 1, References: 1, Affected Software: 1
CVE, added 2019/07/19 2:18 p.m., 99 views

CVE-2019-13980

Directus 7 API (up to version 2.3.0) permits PHP uploads only when using Apache; with nginx, uploads/_/originals can lead to remote code execution. No exploitation details are provided in the given documents beyond this risk description. Remediation/patch details are not included in the connected...

CVSS: 8.8, AI score: 9, EPSS: 0.0245
Exploits: 1, References: 1, Affected Software: 1