116 matches found
CVE-2024-23641 Sending a GET or HEAD request with a body crashes SvelteKit
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg to a built and previewed/hosted sveltekit app throws Request with GET/HEAD method cannot have body. and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...
Sending a GET or HEAD request with a body crashes SvelteKit
Summary In SvelteKit 2 sending a GET request with a body eg to a SvelteKit app in preview or with adapter-node throws Request with GET/HEAD method cannot have body. and crashes the app. node:internal/deps/undici/undici:6066 throw new TypeError"Request with GET/HEAD method cannot have body."; ^...
SvelteKit Input Validation Error Vulnerability
SvelteKit is an open source web development framework from Svelte. SvelteKit has an input validation error vulnerability that stems from the fact that sending a GET or HEAD request can cause the application to crash...
CVE-2021-4433
A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has been classified as problematic. Affected is an unknown function of the component HTTP HEAD Rrequest Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2021-4433
A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has been classified as problematic. Affected is an unknown function of the component HTTP HEAD Rrequest Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2021-4433
Karjasoft Sami HTTP Server 2.0 is affected in the HTTP HEAD Request Handler component. The vulnerability (CVE-2021-4433) arises from manipulation of this handler, leading to remote denial of service. Exploitation has been disclosed publicly. Remediation suggestions from PT Security indicate disab...
CVE-2021-4433 Karjasoft Sami HTTP Server HTTP HEAD Rrequest denial of service
A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has been classified as problematic. Affected is an unknown function of the component HTTP HEAD Rrequest Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclose...
HackerOne: Bypass of #2035332 RXSS at image.hackerone.live via the `url` parameter
A reflected cross-site scripting RXSS vulnerability was discovered on the image.hackerone.live website. The vulnerability allowed an attacker to bypass the fix implemented for a previous RXSS issue. By modifying the server's response to a HEAD request, the attacker could change the Content-Type a...
Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability
JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...
Jenkins Deploy WebLogic Plugin missing permission check
JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...
GHSA-89VJ-RQV8-7737 Jenkins Deploy WebLogic Plugin missing permission check
JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...
Django Might Allow CSRF Requests via URL Verification
The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...
CVE-2019-17181
A remote SEH buffer overflow has been discovered in IntraSrv 1.0 2007-06-03. An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system...
CVE-2018-19861
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued...
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method Exploit
Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length ------------------------------------------------------------------- EAX...
MiniShare 1.4.1 HEAD / POST Buffer Overflow Exploit
Hi!!! playing in 2006.... I have adapted the exploit to python Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length...
MiniShare 1.4.1 HEAD / POST Buffer Overflow
Hi!!! playing in 2006.... I have adapted the exploit to python Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length...
Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability
Added: 10/25/2017 CVE: CVE-2017-6622 BID: 98520 Background The Cisco Prime Collaboration product family facilitates installation and maintenance of Cisco Unified Communications and Cisco TelePresence components, as well as the provisioning of users and services. Problem Missing security constrain...
Stack overflow
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service tvMobiliService service crash via a long string in a 1 GET or 2 HEAD request to TCP port 30888...
CVE-2012-5451
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service tvMobiliService service crash via a long string in a 1 GET or 2 HEAD request to TCP port 30888...