Lucene search
+L

180 matches found

BDU FSTEC
BDU FSTEC
added 2020/01/13 12:0 a.m.9 views

The vulnerability of the String.equals() function in the Apache Tapestry software platform allows a hacker to execute arbitrary code.

The vulnerability of the String.equals function in the Apache Tapestry software platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS8.1AI score0.08752EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2019/04/17 2:29 p.m.6 views

ALPINE-CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

5.9CVSS6.8AI score0.03739EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2018/01/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2012-2336

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to cause a denial of service resource consumption by placing...

5CVSS7.3AI score0.50723EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2017/08/10 12:0 a.m.9 views

The vulnerability of the zend_string_extend function in the PHP interpreter allows a attacker to cause a service failure or exert other effects.

The vulnerability of the zendstringextend function in the PHP interpreter is related to insufficient control over modifications to object instances of the sequence type. Exploiting this vulnerability could allow a malicious actor to cause service failures or other adverse effects e.g., terminatio...

7.5CVSS6.8AI score0.07191EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2017/05/21 6:29 p.m.4 views

UBUNTU-CVE-2017-9115

In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code...

8.8CVSS7.5AI score0.0331EPSS
Exploits0References5
OSV
OSV
added 2017/05/21 6:29 p.m.2 views

DEBIAN-CVE-2017-9115

In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code...

8.8CVSS7.5AI score0.0331EPSS
Exploits0References1
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/04/28 3:5 p.m.15 views

Combining fonts

&&&& I love the font Just Another Hand, I use it a lot in diagrams during my talks: Here it is! Yay! The thing is, I don't like the positioning of the hyphen & equals glyphs… Cache-Control: max-age=3600 They look awkwardly positioned – they sit too high. Thankfully CSS lets you merge fonts...

7.3AI score
Exploits0
CNVD
CNVD
added 2017/01/27 12:0 a.m.4 views

Web Based TimeSheet Script Authentication Bypass Vulnerability

web based timesheet is a program to monitor the work of your employees. An authentication bypass vulnerability exists in the Web Based TimeSheet script that requires the string 'or' '=' to be entered where the password is filled in, which can be exploited by an attacker to bypass authentication...

7.2AI score
Exploits0References1
OSV
OSV
added 2016/10/05 12:0 a.m.3 views

UBUNTU-CVE-2016-7966

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign = or a space into the injected HTML, which greatly reduces the available HTML functionality...

7.3CVSS7.2AI score0.02345EPSS
Exploits0References5
NVD
NVD
added 2016/09/26 2:59 p.m.27 views

CVE-2016-3110

modcluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service Apache http server crash via an MCMP message containing a series of = equals characters after a legitimate element...

7.5CVSS7.4AI score0.0364EPSS
Exploits0References11
OSV
OSV
added 2016/09/26 2:59 p.m.5 views

CVE-2016-3110

modcluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service Apache http server crash via an MCMP message containing a series of = equals characters after a legitimate element...

7.5CVSS5.6AI score0.0364EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2016/09/26 12:0 a.m.5 views

PT-2016-5371 · Apache +1 · Apache Http Server +1

Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Web Server version 2.1 Description: The issue allows remote attackers to cause a denial of service, resulting in an Apache http server crash. This is achieved by sending an MCMP message that contains a series of = equals...

7.5CVSS7.4AI score0.0364EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2013/02/22 12:0 a.m.409 views

Oracle Java JDK / JRE 6 < Update 30 Multiple Vulnerabilities (Unix)

The version of Oracle formerly Sun Java Runtime Environment JRE 6.x installed on the remote host is earlier than Update 30 and is, therefore, potentially affected by the following vulnerabilities: - A stack overflow error exists related to proxy tunnels. Bug 6670868 - An error exists related to...

5.7AI score
Exploits0References5
RedHat Linux
RedHat Linux
added 2012/06/27 3:43 p.m.6 views

php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to cause a denial of service resource consumption by placing command-line options...

9.8CVSS7.4AI score0.99998EPSS
Exploits42References4
RedHat Linux
RedHat Linux
added 2012/05/11 5:34 p.m.8 views

php: command line arguments injection when run in CGI mode (VU#520827)

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

9.8CVSS7.8AI score0.99998EPSS
Exploits42References5
RedHat Linux
RedHat Linux
added 2012/05/10 3:29 p.m.14 views

php: command line arguments injection when run in CGI mode (VU#520827)

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

9.8CVSS7.8AI score0.99998EPSS
Exploits42References5
RedHat Linux
RedHat Linux
added 2012/05/10 3:17 p.m.14 views

php: command line arguments injection when run in CGI mode (VU#520827)

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

9.8CVSS7.8AI score0.99998EPSS
Exploits42References5
RedHat Linux
RedHat Linux
added 2012/05/07 6:28 p.m.7 views

php: command line arguments injection when run in CGI mode (VU#520827)

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

9.8CVSS7.8AI score0.99998EPSS
Exploits42References5
OSV
OSV
added 2006/05/30 7:2 p.m.2 views

DEBIAN-CVE-2006-2659

libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service CPU consumption via unknown vectors involving usernames that contain the "=" equals character, which is not properly handled during encoding...

7.8CVSS6.7AI score0.024EPSS
Exploits0References1
Cvelist
Cvelist
added 2006/05/30 7:0 p.m.29 views

CVE-2006-2659

libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service CPU consumption via unknown vectors involving usernames that contain the "=" equals character, which is not properly handled during encoding...

6AI score0.024EPSS
Exploits0References13
Rows per page
Query Builder