16 matches found
EUVD-2013-1938
Malware in sbrugna...
EUVD-2022-42401
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-39957
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional charset...
Authorization Bypass
modsecurity-crs:sid is vulnerable to authorization bypass. The vulnerability exists due to an HTTP accept header field , allowing an attacker to do a response body bypass by accessing to restricted resources...
CVE-2022-39957
A flaw was found in the OWASP ModSecurity Core Rule Set. A payload with a HTTP accept header field containing a charset that can't be decoded by the Web Application Firewall allows a response body bypass, resulting in access to restricted resources...
CVE-2022-39957
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
Design/Logic Flaw
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
CVE-2022-39957 Response body bypass in OWASP ModSecurity Core Rule Set via a specialy crafted charset in the HTTP Accept header
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
CVE-2022-39957 Response body bypass in OWASP ModSecurity Core Rule Set via a specialy crafted charset in the HTTP Accept header
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
Ruby on Rails 5.2 "DoubleTap" Directory Traversal
Ruby on Rails 5.2.2 and prior are vulnerable to a directory traversal attack due to the way the HTTP ACCEPT header is parsed, which ends up being a template for Rails to render. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: Background Ruby on Rails is a server-side web...
CVE-2018-7582
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service daemon crash via a long HTTP Accept Header to TCP port 9991...
CVE-2018-7582
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service daemon crash via a long HTTP Accept Header to TCP port 9991...
WebLog Expert Web Server Enterprise 9.4 Denial Of Service Exploit
Exploit for windows platform in category dos / poc + Credits: John Page aka hyp3rlinx Vendor: ======= www.weblogexpert.com Product: ========= WebLog Expert Web Server Enterprise v9.4 WebLog Expert is a fast and powerful access log analyzer. It will give you information about your site's visitors:...
CVE-2016-0751
actionpack/lib/actiondispatch/http/mimetype.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service...
CVE-2016-0751
actionpack/lib/actiondispatch/http/mimetype.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service...
CVE-2013-1946
The CVE-2013-1946 entry affects Drupal’s RESTful Web Services (RESTWS) module for Drupal 7.x-1.x up to 7.x-1.3 and 7.x-2.x up to 7.x-2.0-alpha5. When page caching is enabled and anonymous users have RESTWS permissions, a GET request with an HTTP Accept header set to a non-HTML type can cause a de...