190 matches found
Parameter overflow vulnerability in OpenResty uri
OpenResty® is a high-performance web platform based on Nginx and Lua, with a large number of well-integrated Lua libraries, third-party modules, and most dependencies. A parameter overflow vulnerability exists in OpenResty uri. The vulnerability stems from the program's inability to properly fetc...
CVE-2017-9790
When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore...
Arbitrary File Download Vulnerability in javaee Forum System
javaee forum system is a free open source javaee forum source code system , using springMVC mybatis framework development. javaee forum system has an arbitrary file download vulnerability , an attacker can forge files through the path in the request to download the site configuration or system...
CVE-2016-9564
Buffer overflow in sendredirect in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters...
Imperial Fairytale - Multiple Script Direct Request Path Disclosure
The imperial-fairytale WordPress theme was affected by a Multiple Script Direct Request Path Disclosure security vulnerability...
Q and A - Multiple Scripts Direct Request Path Disclosure
The q-and-a WordPress plugin was affected by a Multiple Scripts Direct Request Path Disclosure security vulnerability...
Атаки через Request-Path + Баги IE
На эту тему скоро будет статейка на пару страниц прим. Хакер, апрель 2013. Идея ужасно банальная, но результат тестирования очень удивил + обнаружены интересные баги. Зачастую при тестировании забывают, что небезопасно могут обрабатываться не только Get/Post/Cookie параметры, но и Request-URI /...
UBUNTU-CVE-2012-2922
The requestpath function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q parameter to index.php, which reveals the installation path in an error message...
CVE-2006-2186
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the 1 /photos/themes/default/ and 2 /photos/themes/testing/ URIs, which reveals the path in an error message...
.Net server form authentication protection bypass
By using backslash in the request path it's possible to access protected file...