Lucene search
K

197 matches found

RedHat Linux
RedHat Linux
added 2017/03/22 5:51 p.m.9 views

wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage

It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...

7.5CVSS7.3AI score0.03133EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/03/22 5:21 p.m.4 views

wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage

It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...

7.5CVSS7.3AI score0.03133EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/08/18 8:26 p.m.4 views

python: http protocol steam injection attack

It was found that the Python's httplib library used by urllib, urllib2 and others did not properly check HTTPConnection.putheader function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values...

6.1CVSS7.3AI score0.09887EPSS
Exploits3References4
BDU FSTEC
BDU FSTEC
added 2015/10/06 12:0 a.m.4 views

Vulnerability of Firefox and Firefox ESR browsers, which allows attackers to bypass the CORS protection mechanism

The vulnerability of Firefox and Firefox ESR browsers is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass the CORS protection mechanism by duplicating cookie sequence keys or extracting values from the response header of an incorrect HTTP...

6.4CVSS7.7AI score0.03095EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2015/09/15 6:59 p.m.20 views

CVE-2015-6949

Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values...

9.3CVSS8.1AI score0.0702EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.8 views

Microsoft Windows XP WAV File Handler Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11503/info Microsoft Windows XP is reported prone to a denial of service vulnerability. The issue exists due to a lack of sufficient sanitization performed on WAV file header values before they are processed. If an exploi...

7.1AI score
Exploits0
OSV
OSV
added 2013/08/19 1:7 p.m.1 views

DEBIAN-CVE-2013-2175

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values, related to the...

5CVSS6.5AI score0.03519EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/07/30 4:55 p.m.5 views

haproxy: http_get_hdr()/get_ip_from_hdr2() MAX_HDR_HISTORY handling denial of service

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values, related to the...

5CVSS5.9AI score0.03519EPSS
Exploits0References4
Cvelist
Cvelist
added 2012/09/20 9:0 p.m.20 views

CVE-2012-3730

Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender...

5.7AI score0.0173EPSS
Exploits0References4
exploitpack
exploitpack
added 2012/08/15 12:0 a.m.14 views

MobileCartly 1.0 - Arbitrary File Upload

MobileCartly 1.0 - Arbitrary File Upload Exploit Title: MobileCartly 1.0 Remote File Upload Vulnerability Google Dork: - Date: 14/08/2012 Exploit Author: ICheerNo0M Vendor Homepage: http://icheernoom.blogspot.com/ Software Link: http://mobilecartly.com/mobilecartly.zip Version: 1.0 Tested on:...

0.2AI score
Exploits0
Nmap
Nmap
added 2012/06/12 10:41 a.m.423 views

http-waf-fingerprint NSE Script

Tries to detect the presence of a web application firewall and its type and version. This works by sending a number of requests and looking in the responses for known behavior and fingerprints such as Server header, cookies and headers values. Intensive mode works by sending additional WAF specif...

10CVSS9.3AI score0.99448EPSS
Exploits33
OpenVAS
OpenVAS
added 2011/10/21 12:0 a.m.96 views

CentOS Update for httpd CESA-2011:1392 centos5 i386

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1392 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

7.8CVSS8.6AI score0.98945EPSS
Exploits28References2
OpenVAS
OpenVAS
added 2010/12/02 12:0 a.m.27 views

Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability

Perl CGI.pm is prone to an unspecified security vulnerability related to handling of newlines embedded in header values. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

9.3AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2008/06/30 3:33 p.m.3 views

tomcat XSS in example webapps

Cross-site scripting XSS vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values...

4.3CVSS5.9AI score0.05476EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2007/06/27 12:0 a.m.27 views

Debian DSA-1320-1 : clamav - several vulnerabilities

Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2650 It was discovered that the OLE2 parser can be tricked into an infinite loop and memory exhaustion. - CVE-2007-30...

10CVSS6AI score0.03249EPSS
Exploits0References13
Cvelist
Cvelist
added 2007/05/09 10:0 p.m.33 views

CVE-2006-7195

Cross-site scripting XSS vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values...

5.4AI score0.05476EPSS
Exploits0References17
Apache Tomcat
Apache Tomcat
added 2007/05/09 12:0 a.m.46 views

Fixed in Apache Tomcat 5.5.18, 5.0.SVN

Moderate: Cross-site scripting CVE-2006-7195 The implicit-objects.jsp in the examples webapp displayed a number of unfiltered header values. This enabled a XSS attack. These values are now filtered. Affects: 5.0.0-5.0.30, 5.5.0-5.5.17...

4.3CVSS5.2AI score0.05476EPSS
Exploits0Affected Software1
Rows per page
Query Builder