5905 matches found

RedhatCVE
added 2025/05/22 10:6 a.m. · 9 views

CVE-2019-13955

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected...

CVSS 6.5 · AI score 6.9 · EPSS 0.03754
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 6:45 a.m. · 8 views

CVE-2018-16710

OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the...

CVSS 9.1 · AI score 7.1 · EPSS 0.0209
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 4:31 a.m. · 5 views

CVE-2019-13940

A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU All versions V3.X.17, SIMATIC ET 200pro IM154-8F PN/DP CPU All versions V3.X.17, SIMATIC ET 200pro IM154-8FX PN/DP CPU All versions V3.X.17, SIMATIC ET 200S IM151-8 PN/DP CPU All versions V3.X.17, SIMATIC ET 200S IM151-8F...

CVSS 7.5 · AI score 6.7 · EPSS 0.0166
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 4:27 a.m. · 3 views

CVE-2010-3260

oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaratio...

CVSS 6.4 · AI score 7.1 · EPSS 0.02177
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 4:20 a.m. · 14 views

CVE-2014-5329

GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to ...

CVSS 7.8 · AI score 7 · EPSS 0.98945
Exploits: 17 · References: 1

RedhatCVE
added 2025/05/22 3:45 a.m. · 6 views

CVE-2012-5970

The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified vulnerability-scanning software...

CVSS 6.1 · AI score 7 · EPSS 0.01489
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 3:15 a.m. · 5 views

CVE-2015-1784

In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests...

CVSS 8.8 · AI score 7.4 · EPSS 0.01551
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 1:57 a.m. · 5 views

CVE-2010-1852

Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site...

CVSS 4.3 · AI score 7 · EPSS 0.04241
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 1:52 a.m. · 8 views

CVE-2016-7398

A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...

CVSS 9.8 · AI score 7.8 · EPSS 0.06797
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 1:41 a.m. · 12 views

CVE-2012-4001

The modpagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers...

CVSS 5 · AI score 7.1 · EPSS 0.0068
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 12:35 a.m. · 18 views

CVE-2018-14520

An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages...

CVSS 5.4 · AI score 6.7 · EPSS 0.0054
Exploits: 1 · References: 1

CNVD
added 2025/05/22 12:0 a.m. · 2 views

Google Cloud Classic Application Load Balancer Input Validation Error Vulnerability

Google Cloud Classic Application Load Balancer is a legacy application load balancing service from Google, Inc. that is used to automatically distribute traffic to back-end service instances in a cloud environment. An input validation error vulnerability exists in Google Cloud Classic Application...

CVSS 8.7 · AI score 6.9 · EPSS 0.00187
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/22 12:0 a.m. · 1 views

PT-2025-22502 · Cloudflare · Pingora

Name of the Vulnerable Software and Affected Versions: Pingora versions prior to the fixed version Description: A request smuggling issue was identified in Pingora's proxying framework, pingora-proxy, allowing malicious HTTP requests to be injected via manipulated request bodies on cache HITs. Th...

CVSS 8 · AI score 6.3 · EPSS 0.00404
Exploits: 0 · References: 21

RedhatCVE
added 2025/05/21 10:41 p.m. · 9 views

CVE-2002-1906

The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open...

CVSS 5 · AI score 7.1 · EPSS 0.07124
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/21 10:41 p.m. · 2 views

CVE-2002-2025

Lotus Domino server 5.0.9a and earlier allows remote attackers to cause a denial of service by exhausting the number of working threads via a large number of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a large number of characters appended to the device name...

CVSS 5 · AI score 7 · EPSS 0.01752
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 10:41 p.m. · 5 views

CVE-2002-2007

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allow remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4)...

CVSS 5 · AI score 6.7 · EPSS 0.41399
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/21 9:58 p.m. · 8 views

CVE-2009-5111

GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris...

CVSS 5 · AI score 6.8 · EPSS 0.01218
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 9:17 p.m. · 4 views

CVE-2007-5561

Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175...

CVSS 10 · AI score 7.6 · EPSS 0.07721
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/21 9:5 p.m. · 13 views

CVE-2009-5110

dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris...

CVSS 5 · AI score 6.8 · EPSS 0.01276
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 8:55 p.m. · 5 views

CVE-2005-2201

Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows attackers to cause a denial of service or access files via crafted HTTP requests...

CVSS 6.4 · AI score 7 · EPSS 0.0237
Exploits: 0 · References: 1