2516 matches found
DSA-1058-1 awstats - missing input sanitising
Bulletin has no description...
IIS ASP.NET Application Trace Enabled
The ASP.NET web application running in the root directory of this web server has application tracing enabled. This would allow an attacker to view the last 50 web requests made to this server, including sensitive information like Session ID values and the physical path to the requested file...
Cherokee remote command execution
The remote host is running Cherokee - a fast and tiny web server. The remote version of this software is vulnerable to remote command execution due to a lack of web requests sanitization, especially shell metacharacters. Additionally, this version fails to drop root privileges after it binds to...
DEBIAN-CVE-2004-0113
Memory leak in sslengineio.c for modssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service memory consumption via plain HTTP requests to the SSL port of an SSL-enabled server...
Canon GP300 - Remote GET Denial of Service
source: https://www.securityfocus.com/bid/8121/info A problem in the Canon GP-300 has been reported in the handling of some types of malformed web requests. This issue could result in the denial of service to legitmate users of the print server. GET /...
HP Instant TopTools DoS
DoS on malcrafted Web requests to TCP/280...
SurfControl SuperScout WebFilter for Windows 2000 - File Disclosure
SurfControl SuperScout WebFilter for Windows 2000 - File Disclosure source: https://www.securityfocus.com/bid/5857/info SurfControl SuperScout WebFilter Reports Server is prone to a vulnerability which may allow remote attackers to disclose the contents of arbitrary files. The Reports Server does...
SurfControl SuperScout WebFilter for Windows 2000 - File Disclosure
source: https://www.securityfocus.com/bid/5857/info SurfControl SuperScout WebFilter Reports Server is prone to a vulnerability which may allow remote attackers to disclose the contents of arbitrary files. The Reports Server does not sufficiently filter triple-dot-slash .../ sequences from web...
Hassan Consulting Shopping Cart 1.23 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible for a malicious user to submit a request which causes arbitrary...
Oracle Application Server 4.0.8.2 - ndwfn4.so Buffer Overflow
Oracle Application Server 4.0.8.2 - ndwfn4.so Buffer Overflow source: https://www.securityfocus.com/bid/2569/info The shared library 'ndwfn4.so' that ships with Oracle Application Server is vulnerable to a buffer overflow. The library is used to handle web requests passed to it by the iPlanet web...
Oracle Application Server 4.0.8.2 - ndwfn4.so Buffer Overflow
source: https://www.securityfocus.com/bid/2569/info The shared library 'ndwfn4.so' that ships with Oracle Application Server is vulnerable to a buffer overflow. The library is used to handle web requests passed to it by the iPlanet web server. If the library is sent a request longer than...
CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch
More info at https://symfony.com/cve-2026-46626...
Security Update For Exchange Server 2016 CU12 (KB4487563)
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access OWA fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive...
Security Update For Exchange Server 2016 (KB3124557)
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow spoofing if Outlook Web Access OWA fails to properly handle web requests, and sanitize user input and email content...
Security Update For Exchange Server 2016 CU12 (KB4515832)
The security update addresses 2 vulnerabilities: A denial of service vulnerability exists in Microsoft Exchange Server when the software fails to properly handle objects in memory. A spoofing vulnerability exists in Microsoft Exchange Server when OWA fails to properly handle web requests...
CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch
More info at https://symfony.com/cve-2026-46626...