Lucene search
+L

59 matches found

ATTACKERKB
ATTACKERKB
added 2022/01/25 8:15 p.m.6 views

CVE-2022-23020

On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical...

7.5CVSS5.8AI score0.00976EPSS
Exploits0References2
OSV
OSV
added 2022/01/25 8:15 p.m.6 views

CVE-2022-23020

On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical...

7.5CVSS7.1AI score0.00976EPSS
Exploits0References1
CVE
CVE
added 2022/01/25 7:11 p.m.115 views

CVE-2022-23020

CVE-2022-23020 affects BIG-IP 16.1.x prior to 16.1.2, where enabling Respond on Error on the Request Logging profile (on a virtual server) can cause the Traffic Management Microkernel (TMM) to terminate, yielding a DoS. Red Hat and F5 advisories corroborate the issue and indicate the vulnerabilit...

7.5CVSS7.6AI score0.00976EPSS
Exploits0References1Affected Software11
Tenable Nessus
Tenable Nessus
added 2022/01/19 12:0 a.m.22 views

F5 Networks BIG-IP : BIG-IP TMM vulnerability (K17514331)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K17514331 advisory. - On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profil...

7.5CVSS7.4AI score0.00976EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2021/12/13 1:5 p.m.398 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 Spring Boot Test Service This is a dirty hack s...

10CVSS9.4AI score0.99999EPSS
Exploits355
CERT
CERT
added 2021/04/20 12:0 a.m.297 views

Pulse Connect Secure contains a use-after-free vulnerability

Overview Pulse Connect Secure PCS gateway contains a use-after-free vulnerability that can allow an unauthenticated remote attacker to execute arbitrary code. Description CVE-2021-22893 A use-after-free vulnerability that can be reached via a license server handling endpoint may allow a remote,...

10CVSS9.8AI score0.47172EPSS
Exploits9References4
NVD
NVD
added 2020/10/08 1:15 p.m.34 views

CVE-2020-2287

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...

5.3CVSS0.01169EPSS
Exploits0References2
OSV
OSV
added 2020/10/08 1:15 p.m.23 views

CVE-2020-2287

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...

5.3CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2020/10/08 1:15 p.m.21 views

Cross site request forgery (csrf)

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...

5CVSS5.3AI score0.01169EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/10/08 12:40 p.m.88 views

CVE-2020-2287

CVE-2020-2287 affects the Jenkins Audit Trail Plugin (versions 3.6 and earlier). The vulnerability arises from how the plugin parses URL paths, using a different representation than the Stapler web framework, which can let an attacker craft URLs that bypass request logging for any target URL. The...

5.3CVSS5.2AI score0.01169EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2020/10/08 12:40 p.m.68 views

CVE-2020-2287

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...

5.3CVSS4.4AI score0.01169EPSS
Exploits0References2
PyPA
PyPA
added 2020/07/27 12:15 p.m.7 views

PYSEC-2020-150

This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request craft...

7.5CVSS6.9AI score0.01345EPSS
Exploits1References3Affected Software1
Hacker One
Hacker One
added 2020/06/07 7:6 p.m.118 views

h1-ctf: [H1-2006 2020] CTF Writeup

Summary: Multiple Vulnerabilities leading to full account takeover and access to restricted functions 1. Information Disclosure 2. Login 2FA Bypass 3. SSRF 4. Hardcoded validation 5. Sensitive information disclosure 6. Privilege Escalation 7. Payments 2FA Bypass through SSRF Steps To Reproduce: 0...

7.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/08/12 11:53 a.m.3 views

undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUESTLOGGER.undertowRequestFailedt, exchange...

9.8CVSS5.8AI score0.03412EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2010/04/20 2:30 p.m.4 views

CVE-2009-4769

Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow 1 remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow 2 remote authenticated users t...

9.3CVSS6.2AI score0.37895EPSS
Exploits5References8
Cvelist
Cvelist
added 2010/02/18 5:19 p.m.42 views

CVE-2010-0644

Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is configured, sends DNS queries directly, which allows remote DNS servers to obtain potentially sensitive information about the identity of a client user via request logging, as demonstrated by a proxy server that was configured for th...

5.8AI score0.00859EPSS
Exploits0References8
Prion
Prion
added 2009/08/10 8:30 p.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

4.3CVSS6AI score0.00845EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2008/01/28 11:0 p.m.41 views

CVE-2008-0407

HTTP File Server HFS before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request...

6.7AI score0.01566EPSS
Exploits6References8
exploitpack
exploitpack
added 2000/06/09 12:0 a.m.13 views

RedHat 6.2 - Piranha Virtual Server Package Plaintext Password

RedHat 6.2 - Piranha Virtual Server Package Plaintext Password source: https://www.securityfocus.com/bid/1367/info Password changes submitted to Red Hat Piranha via HTTP are insecurely passed as variables in a GET request. Unauthorized users could obtain the password by reading the httpd access l...

0.5AI score
Exploits0
Rows per page
Query Builder