
46 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2017-6811

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.00266
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-6812

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.00266
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-12519

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.02129
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-6810

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.00266
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 3:27 p.m. | 4 views

CVE-2020-28581

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges...

CVSS 9 | AI score 8.3 | EPSS 0.73422
Exploits: 1
RedhatCVE
added 2025/05/22 3:27 p.m. | 4 views

CVE-2020-28580

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges...

CVSS 9 | AI score 8.3 | EPSS 0.73422
Exploits: 1
NVD
added 2025/05/21 6:16 a.m. | 4 views

CVE-2025-4969

A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated...

CVSS 6.5 | EPSS 0.00662
Exploits: 0 | References: 3
OSV
added 2025/05/21 6:16 a.m. | 5 views

CVE-2025-4969

A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated...

CVSS 6.5 | AI score 6.9 | EPSS 0.00662
Exploits: 0 | References: 2
Cvelist
added 2025/05/21 1:44 a.m. | 15 views

CVE-2025-4969 Libsoup: off-by-one out-of-bounds read in find_boundary() in soup-multipart.c

A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated...

CVSS 6.5 | EPSS 0.00662
Exploits: 0 | References: 3
Debian CVE
added 2025/05/21 1:44 a.m. | 7 views

CVE-2025-4969

A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated...

CVSS 6.5 | AI score 6.8 | EPSS 0.00662
Exploits: 0
CVE
added 2025/05/21 1:44 a.m. | 85 views

CVE-2025-4969

CVE-2025-4969 affects libsoup (libsoup2.4) and is caused by failure to correctly verify the termination of multipart HTTP messages, which can allow a remote attacker to send a crafted multipart body that makes the libsoup consumer read beyond allocated memory (out-of-bounds read). Debian LTS advi...

CVSS 6.5 | AI score 6.3 | EPSS 0.00662
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/21 1:43 a.m. | 8 views

CVE-2025-4969

A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated...

CVSS 6.5 | AI score 6.7 | EPSS 0.00662
Exploits: 0 | References: 3
Positive Technologies
added 2025/01/01 12:0 a.m. | 1 view

PT-2025-22321

Name of the Vulnerable Software and Affected Versions: libsoup versions 2.4 through 3. Description: A flaw was found in the libsoup package due to its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP...

CVSS 9 | AI score 6.9 | EPSS 0.00986
Exploits: 1 | References: 63
Redos
added 2024/08/12 12:0 a.m. | 18 views

ROS-20240812-09

A vulnerability in the HttpStateData function of the Chunked decoder of the Squid proxy server is related to a buffer overflow on the stack as a result of uncontrolled recursion while processing HTTP messages. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...

CVSS 8.6 | AI score 6.9 | EPSS 0.03051
Exploits: 0
Ubuntu
added 2022/08/10 4:32 p.m. | 89 views

USN-5563-1: http-parser vulnerability

It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorized access to sensitive data...

CVSS 6.5 | AI score 7.5 | EPSS 0.11865
Exploits: 2
CNVD
added 2022/03/30 12:0 a.m. | 17 views

DrayTek Vigor Format String Vulnerability

DrayTek Vigor is a router. A format string vulnerability exists in DrayTek Vigor, which can be exploited by remote attackers to execute arbitrary code via specially crafted HTTP messages containing malformed query strings...

CVSS 9.8 | AI score 5.2 | EPSS 0.03869
Exploits: 1 | References: 1
CNVD
added 2021/12/12 12:0 a.m. | 16 views

TP-Link AX10 Input Validation Error Vulnerability

TP-Link AX10, a router from TP-Link, is vulnerable to an input validation error in TP-Link AX10 v1. The vulnerability stems from the fact that the product does not effectively handle special HTTP messages. An attacker could cause a denial of service to the target through this vulnerability...

CVSS 7.5 | AI score 1.7 | EPSS 0.05961
Exploits: 0 | References: 1
ThreatPost
added 2021/07/09 5:31 p.m. | 79 views

Cisco BPA, WSA Bugs Allow Remote Cyberattacks

A set of high-severity privilege-escalation vulnerabilities affecting Business Process Automation (BPA) application and Cisco’s Web Security Appliance (WSA) could allow authenticated, remote attackers to access sensitive data or take over a targeted system. The first two bugs CVE-2021-1574 and...

CVSS 9 | AI score 8.1 | EPSS 0.01529
Exploits: 0 | References: 5
Cvelist
added 2021/07/08 6:35 p.m. | 11 views

CVE-2021-1576 Cisco Business Process Automation Privilege Escalation Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to...

CVSS 8.8 | AI score 8.7 | EPSS 0.00185
Exploits: 0 | References: 1
Vulnrichment
added 2021/07/08 6:35 p.m. | 20 views

CVE-2021-1576 Cisco Business Process Automation Privilege Escalation Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to...

CVSS 8.8 | AI score 6.9 | EPSS 0.00185
Exploits: 0 | References: 1