110 matches found
CVE-2021-4433
Karjasoft Sami HTTP Server 2.0 is affected in the HTTP HEAD Request Handler component. The vulnerability (CVE-2021-4433) arises from manipulation of this handler, leading to remote denial of service. Exploitation has been disclosed publicly. Remediation suggestions from PT Security indicate disab...
HackerOne: Bypass of #2035332 RXSS at image.hackerone.live via the `url` parameter
A reflected cross-site scripting RXSS vulnerability was discovered on the image.hackerone.live website. The vulnerability allowed an attacker to bypass the fix implemented for a previous RXSS issue. By modifying the server's response to a HEAD request, the attacker could change the Content-Type a...
GHSA-89VJ-RQV8-7737 Jenkins Deploy WebLogic Plugin missing permission check
JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...
Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability
JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...
Jenkins Deploy WebLogic Plugin missing permission check
JenkinsDeploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller...
Django Might Allow CSRF Requests via URL Verification
The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...
CVE-2019-17181
A remote SEH buffer overflow has been discovered in IntraSrv 1.0 2007-06-03. An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system...
CVE-2018-19861
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued...
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method Exploit
Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length ------------------------------------------------------------------- EAX...
MiniShare 1.4.1 HEAD / POST Buffer Overflow Exploit
Hi!!! playing in 2006.... I have adapted the exploit to python Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length...
MiniShare 1.4.1 HEAD / POST Buffer Overflow
Hi!!! playing in 2006.... I have adapted the exploit to python Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length...
Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability
Added: 10/25/2017 CVE: CVE-2017-6622 BID: 98520 Background The Cisco Prime Collaboration product family facilitates installation and maintenance of Cisco Unified Communications and Cisco TelePresence components, as well as the provisioning of users and services. Problem Missing security constrain...
Stack overflow
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service tvMobiliService service crash via a long string in a 1 GET or 2 HEAD request to TCP port 30888...
CVE-2012-5451
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service tvMobiliService service crash via a long string in a 1 GET or 2 HEAD request to TCP port 30888...
CVE-2010-5301
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request...
Stack overflow
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request...
CVE-2010-5301
CVE-2010-5301: Kolibri WebServer 2.0 is affected by a stack-based buffer overflow when handling a long URI in a HEAD request, enabling remote code execution. The connected documents corroborate an RCE risk via crafted requests; no explicit patch/version remediation is provided in the supplied sou...
CVE-2010-5301
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request...
CVE-2013-4813
CVE-2013-4813 affects HP ProCurve Manager (PCM) and HP PCM+ / IDM 4.0. The flaw resides in the AgentController/Agent servlet and allows remote code execution via HEAD requests, with the issue tracked as ZDI-CAN-1745. Affected software versions are PCM v3.x/v3.20 and v4.0, PCM+ v3.20/v4.0, and IDM...
PT-2013-5212 · Hewlett Packard · Hp Procurve Manager +2
Name of the Vulnerable Software and Affected Versions: HP ProCurve Manager versions 3.20 through 4.0 HP PCM+ versions 3.20 through 4.0 Identity Driven Manager version 4.0 Description: The issue allows remote attackers to execute arbitrary commands via a HEAD request. This is related to the Agent...