8 matches found
PT-2026-43070
Name of the Vulnerable Software and Affected Versions: hackney versions 2.0.0 through 4.0.0. Description: The WebSocket client in src/hackney_ws.erl lacks upper bounds on memory consumption across three code paths, allowing for flooding. First, the read_handshake_response/3 function accumulates...
Flooding Server with Thumbnail files
Details: 1. All Imagick-supported file formats are served without filtering. The Thumbnail endpoint does not check against any filters what file formats should be served. We can transcode the image in all formats ImageMagick supports. With that we can create files that are much larger in filesize th...
GHSA-277C-5VVJ-9PWX Flooding Server with Thumbnail files
Details: 1. All Imagick-supported file formats are served without filtering. The Thumbnail endpoint does not check against any filters what file formats should be served. We can transcode the image in all formats ImageMagick supports. With that we can create files that are much larger in filesize th...
CVE-2024-32871
Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in file size than the...
CVE-2024-32871 Pimcore Vulnerable to Flooding Server with Thumbnail files
Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in file size than the...
Reddit: Rate limit is implemented in Reddit, but it's not working.
Vulnerability description not provided...
CVE-2020-10037
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). By performing a flooding attack against the web server, an attacker might be able to gain read access to the device's memory, possibly revealing confidential information...
Liberapay: No Data Validation, No Captcha, No Filters...
POST /for/new HTTP/1.1 Host: liberapay.com User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer:...