Lucene search
K

16 matches found

Nuclei
Nuclei
added 13 hours ago95 views

QCube Cross-Site-Scripting

A reflected cross-site scripting vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. id: CVE-2020-24912 info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium...

6.1CVSS6.7AI score0.06289EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2026/01/08 4:57 p.m.5 views

undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

7.5CVSS5.8AI score0.01256EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/11/18 2:42 p.m.8 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/04 11:19 a.m.8 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
0day.today
0day.today
added 2024/01/15 12:0 a.m.309 views

Taokeyun SQL Injection Vulnerability

!/bin/bash Variables url="http://example.com/path/to/taokeyun/application/index/controller/m/Drs.php" cid="1' UNION SELECT 1,2,3,4,5,6,7,8,9,email FROM users-- -" Construct the request request="POST $url HTTP/1.1\r\n" request+="Content-Type: application/x-www-form-urlencoded\r\n"...

9.8CVSS7.4AI score0.00792EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/02 12:0 a.m.73 views

Magazine Edge <= 1.13 - Subscriber+ Arbitrary Plugin Activation

The theme does not have authorisation and CSRF when activating plugins via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary plugins Run the below command in the developer console of the web browser while being on the blog as a subscriber user...

1AI score
Exploits0
Veracode
Veracode
added 2022/11/24 2:18 a.m.22 views

Cross-Site Request Forgery (CSRF)

fastify is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists due to the incorrect Content-Type used in the ContentTypeParser function of contentTypeParser.js, allowing an attacker to bypass the Pre-Flight checking of fetch.fetch requests with Content-Type’s as...

8.8CVSS8.6AI score0.00369EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/11/22 8:15 p.m.27 views

Cross site request forgery (csrf)

Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...

6.8CVSS8.6AI score0.00369EPSS
Exploits0References3Affected Software1
Fedora
Fedora
added 2022/09/12 5:59 p.m.37 views

[SECURITY] Fedora 37 Update: libapreq2-2.17-1.fc37

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

7.5CVSS2AI score0.04712EPSS
Exploits0
wpexploit
wpexploit
added 2021/07/27 12:0 a.m.563 views

uListing < 2.0.6 - Modify User Roles via CSRF

An Add/Edit User Roles via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens https://codex.wordpress.org/WordPressNonces . PoC | CSRF | Add/Edit User Roles: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: cookies User-Agent: Mozilla/5.0 Content-Type:...

4.3CVSS0.4AI score0.00428EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2021/05/24 12:0 a.m.26 views

JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)

The theme did not sanitise the catid parameter in the POST request /?ajax-request=jnews with action=jnewsbuildmegacategory, leading to a Reflected Cross-Site Scripting XSS issue. PoC POST /?ajax-request=jnews HTTP/1.1 Accept: text/html, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding:...

6.1CVSS0.6AI score0.01975EPSS
Exploits2Affected Software1
Packet Storm
Packet Storm
added 2020/02/21 12:0 a.m.140 views

Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure

!/usr/bin/perl Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure Copyright 2020 c Todor Donev https://donev.eu/ Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...

7.4AI score
Exploits0
Citrix
Citrix
added 2018/09/25 12:0 a.m.7 views

AppfW blocking and not logging, with PostBodyLimit set to >1GB

When we apply an appfirewall profile only in log and learning mode. After applying some pages become unavailable but there is no logs. Appfw blocking but no logs, when we enableapplication/x-www-form-urlencoded option in the appfw security...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/07/02 12:0 a.m.152 views

ModSecurity < 2.1.1 POST Data Null Byte Filter Bypass

According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.1.1. It is, therefore, potentially affected by a security bypass vulnerability. An error exists related to HTTP POST requests and 'application/x-www-form-urlencoded' content containing un-encoded NU...

6.8CVSS5.7AI score0.06616EPSS
Exploits1References2
seebug.org
seebug.org
added 2012/03/26 12:0 a.m.16 views

PHP 5.4.0 Built-in Web Server DoS PoC

No description provided by source. !/usr/bin/python Title: PHP 5.4.0 Built-in Web Server DoS PoC Date: 16 March 2012 Author: ls [email protected] Reference: https://bugs.php.net/bug.php?id=61461 Comments: Fixed in PHP 5.4.1RC1-DEV and 5.5.0-DEV The value of the Content-Length header is...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2008/10/01 12:0 a.m.40 views

phpScheduleIt 1.2.10 - reserve.php Remote Code Execution

phpScheduleIt 1.2.10 - reserve.php Remote Code Execution settitletranslate"Processing $Class"; 53. $t-printHTMLHeader; 54. $t-startMain; 55. 56. processreservation$POST'fn'; 57. 58. else 59. $resinfo = getResInfo; 60. $t-settitle$resinfo'title'; 61. $t-printHTMLHeader; 62. $t-startMain; 63...

8.1AI score
Exploits0
Rows per page
Query Builder