U.S. Dept Of Defense: SQL injection vulnerability in a DoD website
A Department of Defense webserver was vulnerable to a SQL injection attack that could have revealed sensitive information. @shakaa1 was able to demonstrate this vulnerability by crafting specially formatted URLs. Thanks @shakaa1!...
PHPMailer Sendmail Argument Injection
PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This module writes a payload to th...
3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!
Three critical zero-day vulnerabilities have been discovered in PHP 7 that could allow an attacker to take complete control over 80 percent of websites which run on the latest version of the popular web programming language. The critical vulnerabilities reside in the unserialize mechanism in PHP...
U.S. Dept Of Defense: Remote File Inclusion, Malicious File Hosting, and Cross-site Scripting (XSS) in ████████
Details: There is currently a security misconfiguration on plain.php function located on the host http://██████████/ allowing attackers to include webserver contents of their choosing with no restriction on filetypes and/or IP addresses, as well as embed malicious JavaScript payloads in the response v...
U.S. Dept Of Defense: Server side information disclosure
A misconfigured Department of Defense webserver improperly disclosed configuration information when returning an error page. sulemanmalik03 was able to demonstrate this vulnerability by crafting a particularly formatted URL. Thanks sulemanmalik03!...
U.S. Dept Of Defense: SQL Injection vulnerability in a DoD website
A Department of Defense webserver was vulnerable to a SQL injection attack that could have revealed sensitive information. @korprit was able to demonstrate this vulnerability by crafting specially formatted URLs. Thanks @korprit!...
U.S. Dept Of Defense: Server side information disclosure on a DoD website
A misconfigured Department of Defense webserver improperly disclosed application information. @sulemanmalik03 was able to demonstrate this vulnerability by crafting specially formatted URLs...
U.S. Dept Of Defense: Time Based SQL Injection vulnerability on a DoD website
A Department of Defense webserver was vulnerable to a SQL injection attack that could have revealed sensitive financial information. @psychomantis was able to demonstrate this vulnerability by crafting specially formatted URLs. Thank you! The service being used didn't properly sanitize id...
U.S. Dept Of Defense: Information disclosure vulnerability on a DoD website
A misconfigured Department of Defense webserver improperly disclosed application information. @babayaga was able to demonstrate this vulnerability by crafting specially formatted URLs...
U.S. Dept Of Defense: XXE on DoD web server
A Department of Defense webserver was vulnerable to an XML External Entity (XXE) processing vulnerability. dawgyg was able to exploit this vulnerability by crafting an XML request that revealed sensitive local system information. Thanks dawgyg!...
U.S. Dept Of Defense: Remote code execution on an Army website
A webserver hosted by the U.S. Army allowed the execution of local shell commands. meals was able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks meals!...
Boa Webserver Buffer Overflow Vulnerability
Boa Webserver is a high performance web server for Unix-like computers. A buffer overflow vulnerability exists in the 'sendredirect' function in Boa Webserver version 0.92r. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP GET request to cause a denial of servi...
X5 Webserver Remote Denial of Service Vulnerability
X5 is the latest generation of web servers from iMatix. X5 is built using iMatix's current Base2 technology for multi-threaded applications. A remote denial of service vulnerability exists in X5 Webserver due to NULL pointer dereferencing when processing malicious HEAD and GET requests. Allows a...
Xitami Web Server 5.0a0 - Denial of Service Exploit
Exploit for Windows platform in category dos / poc. #!/usr/bin/env python X5 Webserver 5.0 Remote Denial Of Service Exploit Vendor: iMatrix Product web page: http://www.xitami.com Affected version: 5.0a0 Summary: X5 is the latest generation web server from iMatix Corporation. The Xitami product lin...
CVE-2016-9564
Buffer overflow in sendredirect in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters...
Buffer overflow
Buffer overflow in sendredirect in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters...
CVE-2016-9564
Boa Webserver 0.92r contains a buffer overflow in the send_redirect() function that can be triggered by a crafted HTTP GET request with a long URI composed only of '/' and '.' characters, leading to a denial-of-service condition. Multiple sources (NVD, CNVD, CVE records, and vendor write-ups) cor...