Lucene search
K

161 matches found

Debian CVE
Debian CVE
added 2017/07/01 6:0 p.m.47 views

CVE-2017-10788

The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service use-after-free and application crash or possibly have unspecified other impact by triggering 1 certain error responses from a MySQL server or 2 a loss of a network connection to a MySQL server. The...

9.8CVSS10AI score0.04629EPSS
Exploits0
OSV
OSV
added 2017/02/08 7:59 p.m.4 views

CVE-2016-9748

IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system...

4.3CVSS5.8AI score0.00941EPSS
Exploits0References2
CNVD
CNVD
added 2015/12/31 12:0 a.m.8 views

IBM B2B Advanced Communications Information Disclosure Vulnerability

IBM B2B Advanced Communication is a communication gateway product from IBM USA. An information disclosure vulnerability exists in IBM B2B Advanced Communications versions 1.0.0.2 and 1.0.0.3. An attacker can exploit the vulnerability to obtain sensitive information in error response messages with...

4.3CVSS6.1AI score0.00965EPSS
Exploits0References1
OSV
OSV
added 2015/05/22 12:0 a.m.2 views

UBUNTU-CVE-2015-3167

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack...

7.5CVSS7.2AI score0.03965EPSS
Exploits0References4
OSV
OSV
added 2015/03/09 5:59 p.m.8 views

CVE-2015-2206

libraries/selectlang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to...

6.3AI score
Exploits0References10
Prion
Prion
added 2015/03/09 5:59 p.m.27 views

Cross site request forgery (csrf)

libraries/selectlang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to...

5CVSS6.9AI score0.03263EPSS
Exploits0References10Affected Software2
Tenable Nessus
Tenable Nessus
added 2014/11/08 12:0 a.m.41 views

RHEL 5 / 6 : httpd (RHSA-2012:0542)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0542 advisory. The Apache HTTP Server httpd is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server di...

7.8CVSS8.5AI score0.98945EPSS
Exploits39References17
Check Point Advisories
Check Point Advisories
added 2013/09/22 12:0 a.m.39 views

Multiple DNS NO SUCH NAME Error Responses (CVE-2012-0006)

The Domain Name System DNS is an hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. When a DNS client needs to look up a name used in a program, it queries DNS servers to resolve the name. If the query names are...

5CVSS6.2AI score0.31083EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2013/01/08 4:30 a.m.4 views

httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled

Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...

4.3CVSS5.8AI score0.6477EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2012/09/19 10:57 a.m.26 views

CVE-2012-4403

theme/yuicombo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response...

5CVSS5.9AI score0.014EPSS
Exploits0References4
Prion
Prion
added 2012/09/19 10:57 a.m.16 views

Design/Logic Flaw

theme/yuicombo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response...

5CVSS7AI score0.014EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2012/09/19 10:0 a.m.23 views

CVE-2012-4403

theme/yuicombo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response...

6.3AI score0.014EPSS
Exploits0References3
CVE
CVE
added 2012/09/19 10:0 a.m.48 views

CVE-2012-4403

Moodle 2.3.x before 2.3.2 is affected by CVE-2012-4403 due to improper construction of error responses in theme/yui_combo.php for the drag‑and‑drop script. This allows an unauthenticated remote attacker to discover the installation path by requesting a nonexistent resource and reading the respons...

5CVSS6.4AI score0.014EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2012/08/29 12:0 a.m.48 views

ASP-DEv XM Forums RC 3 SQL Injection

. \ || \ \ \ / \ /\ \ |/ \ | / \ | | / | Y Y / \ | \ \ /|| |||| / /| / / / / / Exploit Title: ASP-DEv XM Forums RC 3 Remote Post Sql Injection Vulnerability Google Dork: Intext:"Powered by ASP-DEv XM Forums RC 3" Date: 08/29/2012 Author: Crim3R Site : Http://Ajaxtm.com/ Download Link :...

0.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2012/05/07 6:13 p.m.4 views

httpd: cookie exposure due to error responses

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...

4.3CVSS6.7AI score0.82756EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2012/02/29 12:0 a.m.54 views

SuSE 10 Security Update : Apache2 (ZYPP Patch Number 7972)

This update of apache fixes regressions and several security problems : - Fixed a scoreboard corruption shared mem segment by child causes crash of privileged parent invalid free during shutdown. bnc741243, CVE-2012-0031 - Fixed an issue in error responses that could expose 'httpOnly' cookies whe...

5CVSS6.9AI score0.82756EPSS
Exploits7References6
OPENSUSE Linux
OPENSUSE Linux
added 2012/02/28 6:8 p.m.39 views

apache2: fixed various security bugs (important)

This update of apache2 fixes regressions and several security problems: bnc728876, fix graceful reload bnc741243, CVE-2012-0031: Fixed a scoreboard corruption shared mem segment by child causes crash of privileged parent invalid free during shutdown. bnc743743, CVE-2012-0053: Fixed an issue in...

5CVSS0.2AI score0.82756EPSS
Exploits7References4
Apache Httpd
Apache Httpd
added 2012/01/15 12:0 a.m.47 views

Apache Httpd < 2.0.65 : error responses can expose cookies

A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified...

4.3CVSS0.8AI score0.82756EPSS
Exploits4Affected Software1
CERT
CERT
added 2009/12/08 12:0 a.m.180 views

NTP mode 7 denial-of-service vulnerability

Overview NTP contains a vulnerability in the handling of mode 7 requests, which can result in a denial-of-service condition. Description NTP mode 7 MODEPRIVATE is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 MODECONTROL, while routine NTP time transfers use modes...

6.4CVSS7AI score0.32288EPSS
Exploits3References7
OpenVAS
OpenVAS
added 2009/03/18 12:0 a.m.255 views

Apache Tomcat Detection (HTTP)

HTTP based detection of Apache Tomcat. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.800371";...

5.8AI score
Exploits0
Rows per page
Query Builder