CVE-2019-13954

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected...

CVE-2019-13585

The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request...

CVE-2017-14149

GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request...

CVE-2010-0389

The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an HTTP request that lacks a method token...

CVE-2013-3724

The mkrequestheaderprocess function in mkrequest.c in Monkey 1.1.1 allows remote attackers to cause a denial of service thread crash and service outage via a '\0' character in an HTTP request...

CVE-2011-4882

The web server in Certec atvise webMI2ADS aka webMI before 2.0.2 allows remote attackers to cause a denial of service application exit via an unspecified command in an HTTP request...

CVE-2019-14423

A Remote Code Execution RCE issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request...

CVE-2012-2969

Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request...

CVE-2011-4883

The web server in Certec atvise webMI2ADS aka webMI before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service resource consumption via a crafted request...

CVE-2017-9829

'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK...

CVE-2012-4689

Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service daemon crash via a malformed HTTP request...

CVE-2013-3960

Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass...

CVE-2017-14948

Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code remote. The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to...

CVE-2013-2808

Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote...

CVE-2003-1270

AN HTTP 1.41e allows remote attackers to cause a denial of service borken pipe via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or MS-DOS device vulnerability...

CVE-2004-2210

Multiple cross-site scripting XSS vulnerabilities in Express-Web Content Management System CMS allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the 1 n, 2 b, 3 e, or 4 a parameters to default.asp, 5 the Referer header in an HTTP reque...

CVE-2006-4830

Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate...

CVE-2003-1306

Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information server name and version via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response...

CVE-2003-0445

Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI...

CVE-2005-4749

HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors...