Lucene search
K

190 matches found

CNVD
CNVD
added 2018/04/01 12:0 a.m.3 views

Parameter overflow vulnerability in OpenResty uri

OpenResty® is a high-performance web platform based on Nginx and Lua, with a large number of well-integrated Lua libraries, third-party modules, and most dependencies. A parameter overflow vulnerability exists in OpenResty uri. The vulnerability stems from the program's inability to properly fetc...

7.1AI score
Exploits0
NVD
NVD
added 2017/09/29 1:34 a.m.15 views

CVE-2017-9790

When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore...

7.5CVSS7.4AI score0.02446EPSS
Exploits0References2
CNVD
CNVD
added 2017/07/10 12:0 a.m.2 views

Arbitrary File Download Vulnerability in javaee Forum System

javaee forum system is a free open source javaee forum source code system , using springMVC mybatis framework development. javaee forum system has an arbitrary file download vulnerability , an attacker can forge files through the path in the request to download the site configuration or system...

7.2AI score
Exploits0
OSV
OSV
added 2016/11/30 11:59 a.m.6 views

CVE-2016-9564

Buffer overflow in sendredirect in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters...

7.5CVSS5.8AI score0.01437EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.6 views

Imperial Fairytale - Multiple Script Direct Request Path Disclosure

The imperial-fairytale WordPress theme was affected by a Multiple Script Direct Request Path Disclosure security vulnerability...

2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.8 views

Q and A - Multiple Scripts Direct Request Path Disclosure

The q-and-a WordPress plugin was affected by a Multiple Scripts Direct Request Path Disclosure security vulnerability...

1.6AI score
Exploits0Affected Software1
rdot
rdot
added 2013/01/20 12:0 a.m.506 views

Атаки через Request-Path + Баги IE

На эту тему скоро будет статейка на пару страниц прим. Хакер, апрель 2013. Идея ужасно банальная, но результат тестирования очень удивил + обнаружены интересные баги. Зачастую при тестировании забывают, что небезопасно могут обрабатываться не только Get/Post/Cookie параметры, но и Request-URI /...

6.1AI score
Exploits0
OSV
OSV
added 2012/05/21 10:55 p.m.4 views

UBUNTU-CVE-2012-2922

The requestpath function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q parameter to index.php, which reveals the installation path in an error message...

5CVSS6AI score0.03008EPSS
Exploits1References6
Cvelist
Cvelist
added 2006/05/04 10:0 a.m.18 views

CVE-2006-2186

zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the 1 /photos/themes/default/ and 2 /photos/themes/testing/ URIs, which reveals the path in an error message...

6.2AI score0.01522EPSS
Exploits1References5
securityvulns
securityvulns
added 2004/09/28 12:0 a.m.29 views

.Net server form authentication protection bypass

By using backslash in the request path it's possible to access protected file...

3.4AI score
Exploits0References1
Rows per page
Query Builder