UBUNTU-CVE-2022-39957

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...

Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin) Exploit

Exploit for php platform in category web applications Exploit Title: Business Live Chat Software 1.0 - Cross-Site Request Forgery Add Admin Description: Operator Can Change Role User Type to admin Exploit Author: Meisam Monsef Vendor Homepage: https://www.bdtask.com/business-live-chat-software.ph...

Neon WebDAV Client Library 0.2x Format String Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/10136/info It has been reported that the Neon client library is prone to multiple remote format string vulnerabilities. This issue is due to a failure of the application to properly implement format string functions...

Remotely Anywhere 'Accept-Charset'字符NULL指针拒绝服务漏洞

BUGTRAQ ID: 28175 CNCAN ID:CNCAN-2008031103 Remotely Anywhere是一款远程管理软件。 Remotely Anywhere不正确处理特殊构建的HTTP请求，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 提交包含非法Accept-Charset参数的HTTP请求，可导致NULL指针引用而导致应用程序崩溃，造成拒绝服务攻击。 RemotelyAnywhere RemotelyAnywhere Workstation Edition 8.0.668 RemotelyAnywhere RemotelyAnywhere Server...

Null pointer dereference

The RemotelyAnywhere.exe service in the Remotely Anywhere Server and Workstation 8.0.668 and earlier allows remote attackers to cause a denial of service crash via an invalid Accept-Charset header, which triggers a NULL pointer dereference. NOTE: the service is automatically restarted...