Lucene search
K

103 matches found

Cvelist
Cvelist
added 2018/05/18 2:0 p.m.24 views

CVE-2018-10967

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution...

9.1AI score0.03833EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2018/05/04 12:0 a.m.36 views

Adobe Reader PDF Client-Side Request Injection

% a PDF file using an XFA % most whitespace can be removed truncated to 570 bytes or so... % Ange Albertini BSD Licence 2012 % modified by InsertScript %PDF-1. % can be truncated to %PDF-\0 1 0 obj stream 1 endstream endobj trailer /XFA 1 0 R /Pages...

0.9AI score
Exploits0
0day.today
0day.today
added 2018/05/03 12:0 a.m.39 views

Adobe Reader PDF - Client Side Request Injection Exploit

Exploit for windows platform in category local exploits % a PDF file using an XFA % most whitespace can be removed truncated to 570 bytes or so... % Ange Albertini BSD Licence 2012 % modified by InsertScript %PDF-1. % can be truncated to %PDF-\0 1 0 obj stream 1 endstream endobj trailer /XFA 1 0 ...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/05/02 12:0 a.m.53 views

Adobe Reader PDF - Client Side Request Injection

% a PDF file using an XFA % most whitespace can be removed truncated to 570 bytes or so... % Ange Albertini BSD Licence 2012 % modified by InsertScript %PDF-1. % can be truncated to %PDF-\0 1 0 obj stream 1 endstream endobj trailer /XFA 1 0 R /Pages...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2018/05/02 12:0 a.m.14 views

Adobe Reader PDF - Client Side Request Injection

Adobe Reader PDF - Client Side Request Injection % a PDF file using an XFA % most whitespace can be removed truncated to 570 bytes or so... % Ange Albertini BSD Licence 2012 % modified by InsertScript %PDF-1. % can be truncated to %PDF-\0 1 0 obj stream 1 endstream endobj trailer /XFA 1 0 R /Page...

0.7AI score
Exploits0
seebug.org
seebug.org
added 2018/04/28 12:0 a.m.49 views

AXIS Communications - Cross-Site Scripting / Content Injection(CVE-2015-8258)

Technical Details The variable "imagePath=" that is prone to XSS in a large range of products also can be used to resource injection intents. If inserted a URL in this variable will be made an GET request to this URL, so this an interesting point to request malicious codes from the attacker...

7.8CVSS7.4AI score0.08759EPSS
Exploits6
Packet Storm
Packet Storm
added 2018/02/26 12:0 a.m.66 views

CMS Made Simple 2.1.6 Remote Code Execution

Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution Date: 2018-02-26 Exploit Author: Keerati T. Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip Version: 2.1.6 CVE: CVE-2018-7448 Tested on: Linux...

7.5AI score0.12994EPSS
Exploits5
CNVD
CNVD
added 2017/07/03 12:0 a.m.3 views

Foscam C1 Indoor HD Camera cgiproxy.fcgi change username pureftpd.passwd injection vulnerability

Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A security vulnerability exists in the web management interface in the Foscam C1 Indoor HD Camera using application firmware version 2.52.2.37. An attacker can exploit the vulnerability by sending a specially crafted HTTP...

8.8CVSS7AI score0.02194EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2017/01/24 12:0 a.m.50 views

Splunk Enterprise HTTP Request Injection Vulnerability (SP-CAAAPSR)

Splunk Enterprise is prone to a HTTP request injection vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

10CVSS9.6AI score0.03989EPSS
Exploits0References1
OSV
OSV
added 2017/01/10 11:59 a.m.1 views

CVE-2016-10126

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via...

9.8CVSS5.8AI score
Exploits0References2
Prion
Prion
added 2017/01/10 11:59 a.m.15 views

Server side request forgery (ssrf)

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via...

10CVSS7.1AI score0.03989EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/01/10 11:0 a.m.51 views

CVE-2016-10126

CVE-2016-10126 affects Splunk Enterprise and Splunk Web: multiple 5.0.x/6.x releases are vulnerable to remote HTTP request injection that can leak REST API authentication tokens via unspecified vectors (aka SPL-128840). Affected versions include 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x bef...

10CVSS9.3AI score0.03989EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/11/18 12:0 a.m.7 views

Atlassian Crucible Server 3.9.x < 3.9.2 Multiple Vulnerabilities

Binary data 9781.prm...

7.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/11/18 12:0 a.m.136 views

Splunk Enterprise Multiple Vulnerabilities (Nov 2016)

Splunk Enterprise is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:splunk:splunk"; if...

10CVSS8.9AI score0.2548EPSS
Exploits7References1
Tenable Nessus
Tenable Nessus
added 2016/11/17 12:0 a.m.908 views

Splunk Enterprise < 5.0.17 / 6.0.13 / 6.1.12 / 6.2.12 / 6.3.8 / 6.4.4 or Splunk Light < 6.5.0 Multiple Vulnerabilities

According to its self-reported version number, the version of Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.17, 6.0.x prior to 6.0.13, 6.1.x prior to 6.1.12, 6.2.x prior to 6.2.12, 6.3.x prior to 6.3.8, or 6.4.x prior to 6.4.4; or else it is Splunk Light prior to 6.5.0. ...

10CVSS7.5AI score0.2548EPSS
Exploits7References4
CNVD
CNVD
added 2016/08/03 12:0 a.m.2 views

Barracuda Web App Firewall/Load Balancer Remote Command Execution Vulnerability

Barracuda is the generic name for a family of hard disk drives from Seagate Technology. A remote command execution vulnerability exists in the Barracuda Web App Firewall Firmware,Load Balancer Firmware. An attack could exploit this vulnerability by sending a specially crafted request that is...

7.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/02/02 12:0 a.m.43 views

SuSE 11.3 Security Update : curl (SAT Patch Number 10166)

This update fixes the following security issues : - URL request injection bnc911363 When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. CVE-2014-8150 If the given URL contains line feeds and carriage returns those will be sent alo...

5CVSS7.5AI score0.07432EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2015/01/12 12:0 a.m.45 views

FreeBSD : cURL -- URL request injection vulnerability (caa98ffd-0a92-40d0-b234-fd79b429157e)

cURL reports : When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP...

4.3CVSS7.5AI score0.0681EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2015/01/12 12:0 a.m.41 views

asterisk -- Mitigation for libcURL HTTP request injection vulnerability

The Asterisk project reports: CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its funccurl.so module the CURL dialplan function, as well as its resconfigcurl.so cURL realtime backend modules. Since Asterisk may be configured to allow for...

4.3CVSS9.1AI score0.0681EPSS
Exploits0References1
OSV
OSV
added 2015/01/09 4:44 p.m.8 views

MGASA-2015-0020 Updated curl packages fix CVE-2014-8150

Updated curl packages fix security vulnerability: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to...

4.3CVSS6.3AI score0.0681EPSS
Exploits0References3
Rows per page
Query Builder