Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSV
OSVadded 2024/06/19 12:15 a.m.2 views

CVE-2024-6145

Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exis...

8.8CVSS7.7AI score
Exploits0References1
CVE
CVEadded 2024/06/18 11:39 p.m.54 views

CVE-2024-6145

The CVE-2024-6145 entry concerns Actiontec WCB6200Q routers. Concrete details in connected documents show that the vulnerability exists in the HTTP server, where a crafted Cookie header can trigger a format specifier from a user-supplied string, allowing a network-adjacent attacker to execute arb...

8.8CVSS9AI score0.01205EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2024/06/18 11:39 p.m.12 views

CVE-2024-6145 Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability

Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exis...

8.8CVSS9AI score0.01205EPSS
Exploits0References1
RedHat Linux
RedHat Linuxadded 2012/05/07 6:16 p.m.4 views

httpd: NULL pointer dereference crash in mod_log_config

The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...

2.6CVSS7.3AI score0.30809EPSS
Exploits0References4
securityvulns
securityvulnsadded 2008/10/14 12:0 a.m.37 views

NewLife Blogger <= v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= NewLife Blogger = v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= $ Program: NewLife Blogger $ Version: = 3.0 $ File...

0.1AI score
Exploits0
Exploit DB
Exploit DBadded 2008/10/12 12:0 a.m.32 views

NewLife Blogger 3.0 - Insecure Cookie Handling / SQL Injection

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= NewLife Blogger eNYe-Sec - www.enye-sec.org Cookie format is: nlb3=7::96e79218965eb72c92a549dd5a330112 nlb3=iduser::md5 pass --Bug -- 143. function checkLogin 144. // loing check 145. if isset $COOKIE'nlb3' 146. $dat...

7AI score
Exploits0
Rows per page
Query Builder