638 matches found
XXE
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter...
CVE-2018-6670
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter...
Design/Logic Flaw
A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi...
CVE-2018-7539
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request such as GET /../../../../../../../../../../../../etc/passwd to the web server fuzzd/0.1.1 running the Maintenance Center on port TCP/8088. This can lead to full...
CVE-2018-8954
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request...
CVE-2018-8954
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request...
SQL injection
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to perform SQL injection via a crafted HTTP request...
Cross-site request forgery (CSRF)
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request...
CVE-2016-7472
F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request...
VulnCheck KEV: CVE-2017-20149
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on...
CVE-2017-1524
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970...
Directory traversal
A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to...
CVE-2017-16922
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request...
Cross-site request forgery (CSRF)
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request...
CVE-2018-7048
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request...
CVE-2018-7049
The CVE-2018-7049 entry concerns Wowza Streaming Engine prior to 4.7.1, with a cross-site scripting (XSS) vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager). The issue allows script injection or reflection via a cr...
Cross-site request forgery (CSRF)
RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request...
Default credentials
MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings...
CVE-2018-5726
MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings...
Brother Debut http Denial Of Service
Metasploit module 'Brother Debut http Denial Of Service'. Description: The Debut embedded HTTP server... License: MSF_LICENSE. Authors: z00n (vulnerability disclosure), h00die (metasploit module). References: CVE-2017-16249, URL...