17 matches found
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to inefficient handling of URL-encoded bodies with a very large number of parameters. An attacker can cause elevated CPU and memory usage by sending payloads containing thousands ...
EUVD-2002-0884
Malware in sbrugna...
CVE-2020-8461
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token...
Denial Of Service (DoS)
io.undertow: undertow-core is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of URL-encoded request paths for concurrent requests on the ajp-listener, which can cause the wrong path to be processed, potentially leading to Denial Of Service (DoS)...
SUSE CVE-2015-5343
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which...
KLA10792 Denial of service vulnerability in Apache Subversion
An integer overflow was found in Apache Subversion. By exploiting this vulnerability, malicious authenticated users can cause denial of service or possibly execute arbitrary code. This vulnerability can be exploited remotely via a specially designed request. Technical details: This vulnerability ca...
UBUNTU-CVE-2015-5343
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which...
Important: Red Hat Security Advisory: jbossweb security update
An updated jbossweb package that fixes various security issues is now available for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and 4.3. This update has been rated as having important security impact by the Red Hat Security Response Team. JBoss Web Server (jbossweb) is an enterprise ready w...
WebLogic Server < 6.0 SP1 Encoded Request Directory Listing
Binary data 1453.prm...
BEA WebLogic < 5.1.0 SP8 Hex-encoded Request JSP Source Disclosure
Binary data 1525.prm...
CVE-2003-0822
Affected software: Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002. Vulnerability: a buffer overflow in the debug functionality of fp30reg.dll (MS03-051) that can be triggered via a crafted chunked-encoded request, allowing remote code execution. Impact: remote attacker could execut...
CVE-2002-0893
The CVE-2002-0893 entry maps to ServletExec 4.1 ISAPI vulnerability in the JSP10Servlet that enables directory traversal. Multiple connected sources describe that by issuing a URL-encoded "..%5c" (modified dot-dot) to com.newatlanta.servletexec.JSP10Servlet, an attacker can read arbitrary files w...
CVE-2002-0922
The CVE-2002-0922 issue affects the CGIScript.net csNews.cgi CGI script. It allows remote attackers to obtain database files (default.db and default.db.style) via direct URL-encoded requests, and also permits remote authenticated users to perform administrative actions when a database parameter i...
security flaw
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size...
Buffer overflow in Microsoft IIS HTR
Buffer overflow on chunk-encoded POST request...
BEA WebLogic Hex Encoded Request JSP Source Disclosure
The version of BEA WebLogic installed on the remote host may be tricked into revealing the source code of JSP scripts by using simple URL encoding of characters in the filename extension. This script was written by Gregory Duchemin. See the Nessus Scripts License for details...
Cenroll ActiveX Control allows creation of arbitrary files.
Overview: The ActiveX control Cenroll permits unauthorized users to create files on the local system. Description: The ActiveX control "Cenroll" (clsid: 43F8F289-7A20-11D0-8F06-00C04FC295E1), which is ordinarily marked safe-for-scripting, allows callers to create files and write to the registry with t...