Lucene search
K

701 matches found

NVD
NVD
added 2008/03/10 5:44 p.m.17 views

CVE-2008-1245

cgi-bin/setupvirtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service control center outage via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header...

7.8CVSS6.7AI score0.03184EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2007/10/03 3:47 p.m.5 views

elinks reveals POST data to HTTPS proxy

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...

4.3CVSS5.9AI score0.02599EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/10/03 3:47 p.m.24 views

Moderate: Red Hat Security Advisory: elinks security update

An updated ELinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ELinks is a text mode Web browser used from the command line that supports...

4.3CVSS5.6AI score0.02599EPSS
Exploits0References2
OSV
OSV
added 2007/09/21 8:17 p.m.2 views

DEBIAN-CVE-2007-5034

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...

4.3CVSS6.5AI score0.02599EPSS
Exploits0References1
OSV
OSV
added 2007/08/07 10:17 a.m.4 views

DEBIAN-CVE-2007-4174

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...

5.8CVSS7.2AI score0.0621EPSS
Exploits0References1
Cvelist
Cvelist
added 2007/08/07 10:0 a.m.28 views

CVE-2007-4174

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...

6.6AI score0.0621EPSS
Exploits0References9
seebug.org
seebug.org
added 2007/03/09 12:0 a.m.19 views

Mod_Security ASCIIZ字节绕过安全限制漏洞

modsecurity是经常与PHP结合使用的Web应用防火墙。 modsecurity在处理特定的HTTP数据时存在漏洞,远程攻击者可能利用此漏洞绕过某些安全限制。 在接收到请求后modsecurity会将其解析成为Web应用参数。由于解析入站数据的方式遵循RFC中所定义的规则而不一定是Perl、Python、Java或PHP中的HTTP请求解析器所兼容的方式,因此如果RFC与实际实现方式不匹配时可能存在一些限制绕过漏洞。...

7.1AI score
Exploits0
NVD
NVD
added 2007/03/08 10:19 p.m.16 views

CVE-2007-1359

Interpretation conflict in ModSecurity modsecurity 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ 0x00 byte, which modsecurity treats as a terminator even though it is still processed as normal data by some...

6.8CVSS6.7AI score0.06616EPSS
Exploits1References15
Prion
Prion
added 2007/03/08 10:19 p.m.17 views

Design/Logic Flaw

Interpretation conflict in ModSecurity modsecurity 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ 0x00 byte, which modsecurity treats as a terminator even though it is still processed as normal data by some...

6.8CVSS6.9AI score0.06616EPSS
Exploits1References15Affected Software1
Cvelist
Cvelist
added 2007/03/08 5:0 p.m.24 views

CVE-2007-1359

Interpretation conflict in ModSecurity modsecurity 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ 0x00 byte, which modsecurity treats as a terminator even though it is still processed as normal data by some...

9.5AI score0.06616EPSS
Exploits1References15
securityvulns
securityvulns
added 2006/04/12 12:0 a.m.123 views

phpListPro <= 2.0 - Remote File Include Vulnerability

phpListPro = 2.0 - Remote File Include Vulnerability -------------------------------------------------------- Software: phpListPro Version: =2.00 Type: Remote File Include Vulnerability Date: April, 11th 2006 Vendor: SmartISoft Page: http://smartisoft.com Risc: High Credits:...

0.5AI score
Exploits0
myhack58
myhack58
added 2006/03/06 12:0 a.m.12 views

Discuss and research the script program to insert the picture-vulnerability warning-the black bar safety net

Now from the injection to get WEBSHELL it seems that success rates are relatively high. Get to a SHELL after the install your own scripts the back door, often by killing. The script the back door of the development history: To 1. The start is placed directly on a ASP file. 2。 The ASP file...

7.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2005/08/03 2:16 p.m.6 views

security flaw

optionsidentities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS attacks, and write arbitrary files...

4.3CVSS5.8AI score0.04242EPSS
Exploits2References4
OSV
OSV
added 2005/07/05 4:0 a.m.1 views

DEBIAN-CVE-2005-2108

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTPRAWPOSTDATA variable, which stores the data in an XML file...

7.5CVSS8.7AI score0.0932EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2005/06/30 12:0 a.m.59 views

WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection

!/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server vulnerabilities I discovered to extract a...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/03/16 12:0 a.m.31 views

[XSS] paBox 2.0

pabox 2.0 no longer includes the Date and Time parameters in the POST data sent with your shout. The date and time parameters in previous versions were vulnerable to a cross site scripting attack. Now however in version 2.0 if you setup paBox to include an icon with your topic... eg: :winkface:...

1.3AI score
Exploits0
Exploit DB
Exploit DB
added 2004/02/09 12:0 a.m.22 views

Sambar Server 6.0 - 'results.stm' POST Buffer Overflow

source: https://www.securityfocus.com/bid/9607/info A buffer overflow vulnerability has been reported in the Sambar web server. The issue is due to a boundary condition error in the POST data processing of the affected software. Immediate consequences of an attack may result in a denial of servic...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2004/02/09 12:0 a.m.15 views

Sambar Server 6.0 - results.stm POST Buffer Overflow

Sambar Server 6.0 - results.stm POST Buffer Overflow source: https://www.securityfocus.com/bid/9607/info A buffer overflow vulnerability has been reported in the Sambar web server. The issue is due to a boundary condition error in the POST data processing of the affected software. Immediate...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/12/01 12:0 a.m.29 views

Jason Maloney's Guestbook 3.0 - Remote Command Execution

// source: https://www.securityfocus.com/bid/9139/info A vulnerability has been reported in Jason Maloney's Guestbook that could result in remote command execution with the privileges of the web server. The problem occurs due to the application failing to sanitize sensitive script variables after...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/03/24 12:0 a.m.12 views

Monkey HTTP Daemon 0.40.50.6 - Excessive POST Data Buffer Overflow

Monkey HTTP Daemon 0.40.50.6 - Excessive POST Data Buffer Overflow source: https://www.securityfocus.com/bid/7202/info Monkey HTTP Daemon is prone to a boundary condition error. This condition occurs when the server attempts to handle excessive HTTP POST data. Exploitation could allow a remote...

0.2AI score
Exploits0
Rows per page
Query Builder