Lucene search
K

110 matches found

CVE
CVE
added 2024/01/18 12:31 a.m.36 views

CVE-2021-4433

Karjasoft Sami HTTP Server 2.0 is affected in the HTTP HEAD Request Handler component. The vulnerability (CVE-2021-4433) arises from manipulation of this handler, leading to remote denial of service. Exploitation has been disclosed publicly. Remediation suggestions from PT Security indicate disab...

7.5CVSS7.5AI score0.01261EPSS
Exploits1References3Affected Software1
Hacker One
Hacker One
added 2023/08/11 5:18 p.m.71 views

HackerOne: Bypass of #2035332 RXSS at image.hackerone.live via the `url` parameter

A reflected cross-site scripting RXSS vulnerability was discovered on the image.hackerone.live website. The vulnerability allowed an attacker to bypass the fix implemented for a previous RXSS issue. By modifying the server's response to a HEAD request, the attacker could change the Content-Type a...

6.5AI score
Exploits0
OSV
OSV
added 2022/05/24 4:59 p.m.25 views

GHSA-89VJ-RQV8-7737 Jenkins Deploy WebLogic Plugin missing permission check

JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...

4.3CVSS4.4AI score0.00788EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 4:59 p.m.17 views

Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability

JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...

8.8CVSS8.2AI score0.00767EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:59 p.m.18 views

Jenkins Deploy WebLogic Plugin missing permission check

JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...

4.3CVSS5AI score0.00788EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 3:49 a.m.31 views

Django Might Allow CSRF Requests via URL Verification

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...

5CVSS6.8AI score0.02341EPSS
Exploits0References12Affected Software1
OSV
OSV
added 2019/10/28 5:15 p.m.5 views

CVE-2019-17181

A remote SEH buffer overflow has been discovered in IntraSrv 1.0 2007-06-03. An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system...

9.8CVSS7.5AI score
Exploits0References2
OSV
OSV
added 2019/01/03 7:29 p.m.5 views

CVE-2018-19861

Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued...

9.8CVSS6.1AI score0.12555EPSS
Exploits6References3
0day.today
0day.today
added 2018/12/18 12:0 a.m.114 views

MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method Exploit

Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length ------------------------------------------------------------------- EAX...

9.8CVSS0.71908EPSS
Exploits11
0day.today
0day.today
added 2018/12/08 12:0 a.m.91 views

MiniShare 1.4.1 HEAD / POST Buffer Overflow Exploit

Hi!!! playing in 2006.... I have adapted the exploit to python Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length...

9.8CVSS0.3AI score0.71908EPSS
Exploits11
Packet Storm
Packet Storm
added 2018/12/07 12:0 a.m.322 views

MiniShare 1.4.1 HEAD / POST Buffer Overflow

Hi!!! playing in 2006.... I have adapted the exploit to python Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length...

7.5CVSS0.6AI score0.71908EPSS
Exploits11
Saint
Saint
added 2017/10/25 12:0 a.m.602 views

Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability

Added: 10/25/2017 CVE: CVE-2017-6622 BID: 98520 Background The Cisco Prime Collaboration product family facilitates installation and maintenance of Cisco Unified Communications and Cisco TelePresence components, as well as the provisioning of users and services. Problem Missing security constrain...

10CVSS9.6AI score0.6217EPSS
Exploits5
Prion
Prion
added 2015/04/24 2:59 p.m.16 views

Stack overflow

Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service tvMobiliService service crash via a long string in a 1 GET or 2 HEAD request to TCP port 30888...

5CVSS7.2AI score0.03988EPSS
Exploits4References3Affected Software1
Cvelist
Cvelist
added 2015/04/24 2:0 p.m.22 views

CVE-2012-5451

Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service tvMobiliService service crash via a long string in a 1 GET or 2 HEAD request to TCP port 30888...

6.7AI score0.03988EPSS
Exploits4References3
NVD
NVD
added 2014/06/13 2:55 p.m.27 views

CVE-2010-5301

Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request...

7.5CVSS7.9AI score0.10609EPSS
Exploits3References3
Prion
Prion
added 2014/06/13 2:55 p.m.17 views

Stack overflow

Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request...

7.5CVSS8.6AI score0.10609EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2014/06/13 2:0 p.m.56 views

CVE-2010-5301

CVE-2010-5301: Kolibri WebServer 2.0 is affected by a stack-based buffer overflow when handling a long URI in a HEAD request, enabling remote code execution. The connected documents corroborate an RCE risk via crafted requests; no explicit patch/version remediation is provided in the supplied sou...

7.5CVSS8.1AI score0.10609EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2014/06/13 2:0 p.m.29 views

CVE-2010-5301

Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request...

7.9AI score0.10609EPSS
Exploits3References3
CVE
CVE
added 2013/09/13 6:0 p.m.51 views

CVE-2013-4813

CVE-2013-4813 affects HP ProCurve Manager (PCM) and HP PCM+ / IDM 4.0. The flaw resides in the AgentController/Agent servlet and allows remote code execution via HEAD requests, with the issue tracked as ZDI-CAN-1745. Affected software versions are PCM v3.x/v3.20 and v4.0, PCM+ v3.20/v4.0, and IDM...

10CVSS7.6AI score0.08507EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2013/09/11 12:0 a.m.3 views

PT-2013-5212 · Hewlett Packard · Hp Procurve Manager +2

Name of the Vulnerable Software and Affected Versions: HP ProCurve Manager versions 3.20 through 4.0 HP PCM+ versions 3.20 through 4.0 Identity Driven Manager version 4.0 Description: The issue allows remote attackers to execute arbitrary commands via a HEAD request. This is related to the Agent...

10CVSS8AI score0.08507EPSS
Exploits0References7
Rows per page
Query Builder