libfetch 缓冲区错误漏洞

libfetch is a browser extension that makes it easier to access the content of electronic resources subscribed to by the NIE Library. A buffer error vulnerability exists in libfetch that stems from incorrectly handling strings of numbers for the FTP and HTTP protocols. the FTP passive mode...

Denial Of Service (DoS)

apk-tools:edge is vulnerable to denial of service. The vulnerability occurs when numeric strings in the FTP and HTTP protocols are mishandled...

Vulristics: Microsoft Patch Tuesdays Q2 2021

Hello everyone! Lets now talk about Microsoft Patch Tuesday vulnerabilities for the second quarter of 2021. April, May and June. Not the most exciting topic, I agree. I am surprised that someone is reading or watching this. For me personally, this is a kind of tradition. Plus this is an opportuni...

Exploit for Use After Free in Microsoft

CVE-2021-31166-Exploit Exploit for MS Http Protocol Stack RCE...

Unauthorized SQL Commands Over HTTP (CVE-2020-15153; CVE-2020-35545)

Unauthorized SQL Commands Over HTTP...

CVE-2021-23846

When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021...

CVE-2021-23846

When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021...

Design/Logic Flaw

When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021...

CVE-2021-23846

The CVE-2021-23846 issue affects Bosch B426/Conettix devices. When using HTTP, the user password is transmitted as a plaintext parameter, enabling network-adjacent attackers to obtain credentials via MITM. Root cause: credentials exposed in cleartext in login handling (e.g., login.cgi). Impact al...

The vulnerability in the Install and Upgrade application for managing Oracle Transportation Execution allows a malicious individual to gain access to create, modify, or delete data.

The vulnerability of the Install and Upgrade component of the Oracle Transportation Execution application relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to access, create, modify, or delete data using the HTTP protocol...

RLSA-2021:2259 Important: nginx:1.18 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name CVE-2021-23017 For more details about the...

The vulnerability of the Work Provider Site Level Administration component of the application for accessing, organizing, and interacting with various types of Oracle Universal Work Queue tasks allows a malicious actor to disclose protected information or gain access to the creation, modification, or deletion of data.

The vulnerability of the Work Provider Site Level Administration component of the application for accessing, organizing, and interacting with various types of Oracle Universal Work Queue tasks is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker...

The vulnerability of the Template component in the Oracle Sales Offline remote management tool allows a attacker to trigger a service failure.

The vulnerability of the Template component in the Oracle Sales Offline remote management tool is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to trigger a service failure using the HTTP protocol...

Windows PoC Exploit Released for Wormable RCE

A researcher has released a proof-of-concept PoC exploit for CVE-2021-31166, a use-after-free, highly critical vulnerability in the HTTP protocol stack http.sys that could lead to wormable remote code execution RCE. Microsoft discovered the flaw internally, releasing a patch in its May 11 Patch...

Exploit for Use After Free in Microsoft

CVE-2021-31166 Detection of attempts to exploit CVE-2021-31166...

Exploit for Use After Free in Microsoft

CVE-2021-31166 0x00.Description This is a proof of concept...

Exploit for Use After Free in Microsoft

CVE-2021-31166 0x00.Description This is a proof of concept...

Exploit for Use After Free in Microsoft

CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vuln...

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, allows a hacker to gain access to modify, add, or delete data, or to gain full control over the application.

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, o...

Microsoft HTTP Protocol Stack Remote Code Execution (CVE-2021-31166)

A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...