15 matches found
EUVD-2010-2074
Malware in sbrugna...
EUVD-2018-18450
Malware in sbrugna...
EUVD-2011-3304
Malware in sbrugna...
EUVD-2019-5645
Malware in sbrugna...
CVE-2025-2833 zhangyd-c OneBlog HTTP Header redos
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...
DEBIAN-CVE-2020-25756
A buffer overflow vulnerability exists in the mggethttpheader function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice...
CVE-2020-25756
A buffer overflow vulnerability exists in the mggethttpheader function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice...
CVE-2020-25756
A buffer overflow vulnerability exists in the mggethttpheader function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice...
SUSE-SU-2018:1161-1 Security update for apache2
This update for apache2 fixes the following issues: CVE-2018-1283: when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a 'Session' header leading to unexpected behavior bsc1086814...
CVE-2009-2281
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via 1 a crafted Content-Length HTTP header or 2 a large HTTP request, related to an integer overflow tha...
CVE-2008-5284
The CVE-2008-5284 issue affects multiple products where the web server component can crash due to a crafted HTTP Content-Length header with a negative value. Affected are IEA Software RadiusNT/RadiusX (versions 5.1.38 up to but not including 5.1.44), Emerald (5.0.49 up to before 5.0.52), Air Mars...
CVE-2004-0646
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as 1 modjrun and 2 modjrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields...
CVE-2004-1950
phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses...
GetWare Web Server Component - Content-Length Value Remote Denial of Service
source: https://www.securityfocus.com/bid/9451/info The GetWare Web Server component has been reported prone to a remote denial of service vulnerability. It has been reported that the issue will present itself when the affected web server receives malicious HTTP requests that contain negative...
Lotus Domino vulnerable to DoS via crafted HTTP header requests
Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Description HTTP requests with uniquely crafted headers using "Accept", "Accept-Charset", "Accept-Encoding", "Accept-Language" or "Content-Type" are not freed properly. This means that...