scala-bin file download vulnerability
scala-bin is a package installer for the Scala language. A security vulnerability exists in scala-bin that originates when the program downloads binary resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requested binary with a binary under their...
ibapi code execution vulnerability
ibapi is a trading system high-speed order interface. A security vulnerability exists in ibapi that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary file with a binary file under thei...
selenium-binaries code execution vulnerability
selenium-binaries is a tool for downloading Selenium-related binaries for your operating system. A security vulnerability exists in selenium-binaries that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing...
ALPINE-CVE-2018-7159
The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...
Oracle Sun Systems Products Suite Sun ZFS Storage Appliance Kit Component Unauthorized Operation Vulnerability
Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation. Sun ZFS Storage Appliance Kit (AK) is one of the ZFS storage appliance kits. A security vulnerability exists in the HTTP data path subsystems subcomponent of the Sun ZFS Storage AK component in Oracle Sun...
CVE-2018-2848
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications subcomponent: Client Application Loader. Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP ...
CVE-2018-2809
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Fluid Homepage & Navigation. Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2017-8154
The Themes App on Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may...
Youku client update process suffers from arbitrary file download vulnerability
Youku PC client is a video player that supports both online and local use. An arbitrary file download vulnerability exists in the Youku PC client update process. The vulnerability is caused by the client update process using an insecure HTTP communication protocol to interact with the server, and...
eQ-3 AG HomeMatic CCU2 Malicious Firmware Update Vulnerability
The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from eQ-3 Germany. A security vulnerability in the /usr/local/etc/config/addons/mh/loopupd.sh file in the eQ-3 AG Homematic CCU2 version 2.29.22 stems from the program's failure to provide cryptographic...
UBUNTU-CVE-2018-6794
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web...
CVE-2018-2730
Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications subcomponent: Cross Pillar. The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail...
A vulnerability in the HTTP protocol handler of Wget, a software tool for downloading files over the network, allows a hacker to execute arbitrary code.
The vulnerability in the HTTP protocol handler of Wget, a software tool for downloading files over the network, arises from operations performed beyond the bounds of a memory buffer. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by using a specially prepared...
A vulnerability in Oracle Identity Manager (OIM), a software platform of Oracle Fusion Middleware, allows a perpetrator to gain full control over the system.
The vulnerability in Oracle Identity Manager (OIM), a software platform of Oracle Fusion Middleware, is related to the use of pre-installed system accounts. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the Oracle Identity Manager using the...
wget: Heap-based buffer overflow in HTTP protocol handling
A heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code...
CVE-2017-10161
Vulnerability in the Oracle Engineering Data Management component of Oracle Supply Chain Products Suite subcomponent: Web Services Security. Supported versions that are affected are 6.1.3.0 and 6.2.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTT...
PT-2017-13463 · D Link · D-Link Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1 D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue concerns the D-Link NPAPI extension used in D-Link DIR-850L devices, which participates in mydlink Cloud...
DEBIAN-CVE-2017-9800
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack another...
CVE-2017-10179
Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite subcomponent: User Monitoring. Supported versions that are affected are AMP 12.1.0.4.0 and AMP 13.1.1.1.0. Easily exploitable vulnerability allows unauthenticated attacker with networ...
CVE-2017-1182
IBM Tivoli Monitoring Portal v6 could allow a local network adjacent attacker to execute arbitrary commands on the system when the default client-server communications, HTTP, are being used. IBM X-Force ID: 123493...