Lucene search

28 matches found

Cvelist
added 2020/09/29 12:0 a.m., 26 views

CVE-2020-26137

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...

AI score 7.5, EPSS 0.00241
Exploits 0, References 8
Tenable Nessus
added 2018/11/05 12:0 a.m., 40 views

Apache Tomcat 7.0.x < 7.0.78 Remote Error Page Manipulation

According to its self-reported version number, the Apache Tomcat service running on the remote host is 7.0.x prior to 7.0.78 or 8.5.x prior to 8.5.15. It is, therefore, affected by an implementation flaw in the error page reporting mechanism in which it does not conform to the Java Servlet...

CVSS 7.5, AI score 7.4, EPSS 0.10802
Exploits 1, References 2
Veracode
added 2018/06/18 5:37 a.m., 56 views

Cross-Site Tracing (XST)

spring-web is vulnerable to cross-site tracing (XST) attacks. The vulnerability exists because HiddenHttpMethodFilter allows web applications to change the existing HTTP request method to any HTTP method, causing applications with an existing cross-site scripting (XSS) vulnerability to be vulnerable to XST...

CVSS 5.9, AI score 6.9, EPSS 0.02602
Exploits 0, References 12, Affected Software 1
CVE
added 2011/12/25 1:0 a.m., 58 views

CVE-2011-5009

The CVE-2011-5009 vulnerability affects 3S CoDeSys CmpWebServer (Control service) as part of CoDeSys 3.4 SP4 Patch 2. It stems from insufficient validation of incoming HTTP requests, leading to a NULL pointer dereference when handling a crafted Content-Length in an HTTP POST or an invalid HTTP me...

CVSS 5, AI score 6.8, EPSS 0.24626
Exploits 1, References 7, Affected Software 1
OSV
added 2009/12/30 10:30 p.m., 4 views

CVE-2008-7249

Buffer overflow in Squid Analysis Report Generator Sarg 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167...

AI score 7.6
Exploits 0, References 4
Prion
added 2009/12/30 10:30 p.m., 11 views

Buffer overflow

Buffer overflow in Squid Analysis Report Generator Sarg 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167...

CVSS 9.3, AI score 7.9, EPSS 0.13048
Exploits 0, References 3, Affected Software 1
Debian CVE
added 2009/12/30 10:0 p.m., 20 views

CVE-2008-7249

Buffer overflow in Squid Analysis Report Generator Sarg 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167...

CVSS 9.3, AI score 7.4, EPSS 0.03527
Exploits 0
Cvelist
added 2004/04/16 4:0 a.m., 18 views

CVE-2004-0385

Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear...

AI score 7.6, EPSS 0.44246
Exploits 0, References 10