Lucene search
+L

2512 matches found

BDU FSTEC
BDU FSTEC
added 2015/08/07 12:0 a.m.5 views

The vulnerability of the Apache HTTP Server web server allows attackers to send hidden http requests.

The vulnerability of the chunked transfer coding mechanism in the Apache HTTP Server exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to send hidden HTTP requests remotely, due to incorrect processing of input values by the...

5CVSS6.3AI score0.73327EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2015/05/03 12:0 a.m.5 views

EasyCTF Unauthorized Access Vulnerability

EasyCTF is a CGI program for scoring CTFs. EasyCTF fails to properly verify session IDs, allowing remote attackers to gain unauthorized access via special HTTP requests...

5CVSS7.2AI score0.01704EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.9 views

The vulnerability of Cisco ACS’s microprogramming software allows a remote attacker to execute arbitrary code.

The vulnerability of the ACS View interface allows a remote authenticated user with administrator privileges to execute arbitrary SQL commands using specially crafted HTTPS requests...

9CVSS6.1AI score0.00916EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2015/01/15 1:24 p.m.4 views

USN-2474-1 curl vulnerability

Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially crafted URL, an attacker could possibly use this issue to inject arbitrary HTTP requests...

4.3CVSS7.1AI score0.0681EPSS
Exploits0References2
CNVD
CNVD
added 2015/01/14 12:0 a.m.8 views

Remote Denial of Service Vulnerability in Multiple IBM Products

IBM Sterling B2B Integration supports an automated, cloud-based approach to transforming business documents into any data format or protocol required and exchanging them with trading partners. A remote denial of service vulnerability exists in multiple IBM products, allowing remote attackers to...

5CVSS6.8AI score0.02032EPSS
Exploits0References1
Cisco
Cisco
added 2014/12/22 5:24 p.m.36 views

Cisco Enterprise Content Delivery System Web Directory Traversal and Arbitrary File Access Vulnerability

A vulnerability in Cisco Enterprise Content Delivery System ECDS could allow an unauthenticated, remote attacker to conduct directory traversal attacks on a targeted system. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could...

5CVSS6.5AI score0.02863EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2014/10/06 12:0 a.m.6 views

PT-2014-3496 · Red Hat · Red Hat Cloudforms

Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms versions prior to 5.3 Description: The issue allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. Recommendations: For versions prior to 5.3, update to version 5....

4CVSS6AI score0.0124EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2014/09/03 5:43 p.m.2 views

squid: buffer overflow when processing overly long DNS names (SQUID-2013:2)

A buffer overflow flaw was found in Squid's DNS lookup module. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid...

7.5CVSS7.5AI score0.43261EPSS
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

PHPLib Team PHPLIB 7.2 - Remote Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3079/info The PHP Base Library'PHPLIB' is a code library which provides support for session management in web applications. It is targeted to developers and is widely used in many web applications, so a strong possibility...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

zeroo http server 1.5 - Directory Traversal vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/6308/info It has been reported that Zeroo fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

SurfControl SuperScout WebFilter for windows 2000 File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5857/info SurfControl SuperScout WebFilter Reports Server is prone to a vulnerability which may allow remote attackers to disclose the contents of arbitrary files. The Reports Server does not sufficiently filter...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Seanox DevWex Windows Binary 1.2002.520 File Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/4978/info The Seanox DevWex Windows binary version is prone to an issue which may cause arbitrary web-readable files to be disclosed to remote attackers. This problem occurs because DevWex does not sufficiently filter '.....

7.1AI score
Exploits0
NVD
NVD
added 2014/04/25 5:12 a.m.11 views

CVE-2014-0780

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests...

9.8CVSS7.2AI score0.74548EPSS
Exploits5References6
Prion
Prion
added 2014/04/25 5:12 a.m.16 views

Directory traversal

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests...

7.5CVSS7.7AI score0.74548EPSS
Exploits5References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2014/04/25 12:0 a.m.20 views

CVE-2014-0780

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests. Recent assessments: Assessed Attacker Value: 0 Assessed...

9.8CVSS7AI score0.74548EPSS
In wildExploits5References7
RedHat Linux
RedHat Linux
added 2014/02/24 7:59 p.m.42 views

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.1 security update

Updated Red Hat JBoss Enterprise Application Platform 6.2.1 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score,...

1.9CVSS7AI score0.00346EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2014/02/24 5:46 p.m.46 views

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.1 security update

An update for Red Hat JBoss Enterprise Application Platform 6.2.1 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which...

1.9CVSS7AI score0.00346EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2013/10/09 12:0 a.m.6 views

PT-2013-5598 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions 8.x through 8.25.43 Cisco Adaptive Security Appliance ASA Software versions 8.3.x through 8.32.38 Cisco Adaptive Security Appliance ASA Software versions 8.4.x through 8.45.6 Cisco...

7.8CVSS6.5AI score0.01349EPSS
Exploits0References5
Saint
Saint
added 2013/09/30 12:0 a.m.27 views

Upgrade Attack

Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, HTTP requests ar...

0.3AI score
Exploits0
RedHat Linux
RedHat Linux
added 2013/09/09 4:54 p.m.4 views

activemq: Unauthenticated access to web console

The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests...

6.4CVSS7.4AI score0.06311EPSS
Exploits1References4
Rows per page
Query Builder