43 matches found
CVE-2010-0361
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request...
EUVD-2019-13780
Malware in sbrugna...
EUVD-2002-2220
Malware in sbrugna...
EUVD-2016-0245
Malware in sbrugna...
EUVD-2002-0237
Malware in sbrugna...
EUVD-2024-2263
Malicious code in bioql PyPI...
CVE-2025-32094
An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai...
PT-2025-32252 · Akamai · Akamaighost
Name of the Vulnerable Software and Affected Versions: Akamai Ghost versions prior to 2025-03-26 Description: An issue exists in Akamai Ghost, used for the Akamai CDN platform. A client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can...
PT-2024-9697
Name of the Vulnerable Software and Affected Versions: CyberPanel versions prior to 2.3.8 Description: The issue exists due to the lack of measures to neutralize special elements, allowing a remote attacker to execute arbitrary commands using a specially crafted HTTP OPTIONS request. This can be...
CVE-2024-40627
Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...
CVE-2024-40627 OpaMiddleware does not filter HTTP OPTIONS requests
Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...
CVE-2024-40627
CVE-2024-40627 concerns the Fastapi-OPA OpaMiddleware, which incorrectly allows unauthenticated HTTP OPTIONS requests by bypassing policy evaluation. This can enable an unauthenticated attacker to infer entity existence based on responses, potentially leaking information about writable entities. ...
GHSA-5F5C-8RVC-J8WF OpaMiddleware does not filter HTTP OPTIONS requests
Summary: HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. The maintainer is uncertain whether this should be classed as a "bug" or "security issue" – but is erring on the side of "security issue" as an...
OpaMiddleware does not filter HTTP OPTIONS requests
Summary: HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. The maintainer is uncertain whether this should be classed as a "bug" or "security issue" – but is erring on the side of "security issue" as an...
How to use the CLI to disable the HTTP OPTIONS method for a virtual server
Some security scanning reports suggest disabling the OPTIONS HTTP method on the web server. The article describes using a rewrite policy to avoid processing the OPTIONS HTTP method...
HTTP Fetch, Windows x64 Command Shell, Bind TCP Stager with UUID Support (Windows x64)
Fetch and execute an x64 payload from an HTTP server. Spawn a piped command shell Windows x64 staged. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/http/x64/shell/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuui...
Backdoor.Win32.Levelone.b Remote Stack Buffer Overflow
Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/3f82e6ddc9f5242f5af200d2fbae4ce4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Levelone.b Vulnerability: Remote Stack Buffer Overflow Description: The backdoor...