16582 matches found
CVE-2016-15039
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajaxfunctions.js. The manipulation leads to http request smuggling. The attack can be...
CVE-2013-3925
Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity declaration in conjunction with an...
CVE-2013-5657
AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request...
CVE-2013-1222
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379...
CVE-2013-2371
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request...
CVE-2013-0669
The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request...
CVE-2019-15848
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user...
CVE-2019-7929
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http request...
CVE-2019-6830
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller...
CVE-2019-19240
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak...
CVE-2019-14336
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request...
CVE-2019-13954
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected...
CVE-2019-13585
The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request...
CVE-2017-14149
GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request...
CVE-2010-0389
The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token...
CVE-2013-3724
The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request...
CVE-2011-4882
The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to cause a denial of service (application exit) via an unspecified command in an HTTP request...
CVE-2019-14423
A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request...
CVE-2012-2969
Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request...
CVE-2011-4883
The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption) via a crafted request...