36 matches found
CVE-2026-9813
FlowIntel up to version 3.3.0 contains a server-side request forgery SSRF vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specifi...
CVE-2026-9813
FlowIntel up to version 3.3.0 contains a server-side request forgery SSRF vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specifi...
CVE-2026-27808
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...
GHSA-MPF7-P9X7-96R3 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API
Summary The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and statu...
CVE-2026-27808 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...
EUVD-2008-1777
Malware in sbrugna...
EUVD-2009-3089
Malware in sbrugna...
Zyxel P-6101C Authorization Issue Vulnerability
The Zyxel P-6101C is a wireless router from China's Hopkins Zyxel. The Zyxel P-6101C suffers from an authorization issue vulnerability that stems from improper authentication. An attacker can exploit the vulnerability to read certain device information via a specially crafted HTTP HEAD method...
CVE-2021-4433
A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has been classified as problematic. Affected is an unknown function of the component HTTP HEAD Rrequest Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2021-4433 Karjasoft Sami HTTP Server HTTP HEAD Rrequest denial of service
A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has been classified as problematic. Affected is an unknown function of the component HTTP HEAD Rrequest Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2021-4433
Karjasoft Sami HTTP Server 2.0 is affected in the HTTP HEAD Request Handler component. The vulnerability (CVE-2021-4433) arises from manipulation of this handler, leading to remote denial of service. Exploitation has been disclosed publicly. Remediation suggestions from PT Security indicate disab...
CVE-2021-4433 Karjasoft Sami HTTP Server HTTP HEAD Rrequest denial of service
A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has been classified as problematic. Affected is an unknown function of the component HTTP HEAD Rrequest Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclose...
ZTE-H108NS Router - Authentication Bypass Vulnerability
Exploit Title: Router ZTE-H108NS - Authentication Bypass Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/ Firmware: H108NSV1.0.7uZRDGR2A68 CVE: N/A Tested on: Debian 5.18.5 Description : When specific http methods are listed within a security constraint, then only those...
Jenkins Deploy WebLogic Plugin missing permission check
JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...
GHSA-89VJ-RQV8-7737 Jenkins Deploy WebLogic Plugin missing permission check
JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...
Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability
JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...
ProCaster LE-32F430 GStreamer souphttpsrc libsoup/2.51.3 Stack Overflow Exploit
ProCaster LE-32F430 SmartTV remote code execution exploit that leverages a stack overflow vulnerability in GStreamer souphttpsrc libsoup version 2.51.3. !/bin/sh ProCaster LE-32F430 NotSoSmartTV remote code execution exploit through GStreamer souphttpsrc libsoup/2.51.3 HTTP stack overflow...
CVE-2019-17181
A remote SEH buffer overflow has been discovered in IntraSrv 1.0 2007-06-03. An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system...
CVE-2018-19861
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued...
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method Exploit
Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length ------------------------------------------------------------------- EAX...