11652 matches found
Denial Of Service (DoS)
httpd is vulnerable to denial of service (DoS) attacks. The vulnerability exists because the deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service resourc...
Denial Of Service (DoS)
node is vulnerable to denial-of-service. Improper processing of pipelined requests allows a remote attacker to send a large number of pipelined requests to cause high memory and CPU consumption which can result in a denial of service condition in the HTTP server...
Cross-site Scripting (XSS)
Apache HTTP Server is vulnerable to cross-site scripting (XSS) attacks. A flaw in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticat...
Microsoft Excel .SLK Payload Delivery
This module generates a download-and-execute PowerShell command to be placed in an .SLK Excel spreadsheet. When executed, it will retrieve a payload via HTTP from a web server. When the file is opened, the user will be prompted to "Enable Content." Once this is pressed, the payload will execute...
CVE-2018-0282 Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability
A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this...
PHP 5.6.x < 5.6.19 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.19. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists in file ext/wddx/wddx.c in the php_wddx_pop_element function when handling XML data. An unauthenticated,...
PHP 7.0.x < 7.0.4 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.4. It is, therefore, affected by multiple vulnerabilities: - A type confusion error exists in file ext/soap/php_http.c in the make_http_soap_request function when handling cookie data. An...
EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1002)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This...
CVE-2019-5489
The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...
CVE-2019-5489
CVE-2019-5489 affects the Linux kernel mincore() implementation (mm/mincore.c) up to version 4.19.13. It enables a local attacker to observe page cache access patterns of other processes sharing memory, leading to potential information disclosure; the impact is described as partial confidentialit...
Design/Logic Flaw
The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...
Fedora 28 : httpd (2018-6744ca470d)
This update includes the latest upstream release of the Apache HTTP Server, version 2.4.33. A number of security vulnerabilities are fixed in this release: - Low: Possible out of bound read in mod_cache_socache (CVE-2018-1303) - Low: Possible out of bound access after failure in reading the HTTP...
EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1427)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This...
CVE-2018-20370
SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend...
Design/Logic Flaw
SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend...
CVE-2018-20370
SZ NetChat before 7.9 is vulnerable to Cross-Site Scripting in the Options module (MyName input). The root cause is an XSS flaw in the MyName field, allowing a remote attacker to inject inputs that could compromise the enabled HTTP server web frontend. The public references consistently describe ...