CVE-2020-16152

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file...

Advisory ROSA-SA-2021-1885

Software: libproxy 0.4.11 OS: Cobalt 7.9 CVE-ID: CVE-2020-25219 CVE-Crit: HIGH CVE-DESC: url :: recvline in url.cpp in libproxy 0.4.x to 0.4.15 allows a remote HTTP server to run uncontrolled recursion through a response consisting of an infinite stream with no newline character. This results in...

CVE-2021-2277

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

EulerOS Virtualization 3.0.6.6 : libproxy (EulerOS-SA-2021-1490)

According to the versions of the libproxy packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a...

CVE-2021-2033

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core Components. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

EulerOS 2.0 SP5 : libproxy (EulerOS-SA-2020-2550)

According to the version of the libproxy packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed o...

MGASA-2020-0373 Updated libproxy packages fix security vulnerability

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. CVE-2020-25219...

CVE-2020-25219

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion...

CVE-2020-25219

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion...

CVE-2020-25219

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion...

CVE-2020-25219

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion...

Mereo 1.9.4 Denial Of Service Exploit

!/usr/bin/python ''' Exploit Title: Mereo 1.9.4 - Remote HTTP Server Denial of Service Exploit Author: Saeed reza Zamanian Vendor Homepage: https://sourceforge.net/projects/mereo/ Software Link: https://sourceforge.net/projects/mereo/files/ Version: 1.9.4 Tested on: Windows 7 , Windows Vista...

Mereo 1.9.4 Denial Of Service

!/usr/bin/python ''' Exploit Title: Mereo 1.9.4 - Remote HTTP Server Denial of Service Date: 06-2020 Exploit Author: Saeed reza Zamanian Vendor Homepage: https://sourceforge.net/projects/mereo/ Software Link: https://sourceforge.net/projects/mereo/files/ Version: 1.9.4 Tested on: Windows 7 ,...

CVE-2020-10827

CVE-2020-10827 refers to a stack-based buffer overflow in the apmd service on Draytek Vigor3900, Vigor2960, and Vigor300B devices. The vulnerability, present in firmware prior to 1.5.1, allows remote code execution via a crafted HTTP request. Multiple connected sources corroborate the affected mo...

CVE-2020-2716

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications component: Core. Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2019-2888

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: EJB Container. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2019-2638

Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite subcomponent: Consolidation Hierarchy Viewer. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows low privileged...

CVE-2019-2598

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: SQR. Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft...

JTBC(PHP) Arbitrary Code Execution Vulnerability

JTBC PHP is an open source CMS Content Management System. An arbitrary code execution vulnerability exists in JTBCPHP version 3.0.1.6, which can be exploited by a remote attacker to execute arbitrary PHP code on an affected system by sending a specially crafted HTTP request...

CVE-2018-1000027

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via...