16582 matches found

RedhatCVE
added 2025/05/22 2:55 a.m., 5 views

CVE-2017-9829

'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK...

CVSS 7.5 | AI score 6.9 | EPSS 0.68744
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 2:49 a.m., 8 views

CVE-2012-4689

Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request...

CVSS 4.3 | AI score 7.2 | EPSS 0.01151
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 1:48 a.m., 6 views

CVE-2013-3960

Easytime Studio Easy File Manager 1.1 has an HTTP request security bypass...

CVSS 9.9 | AI score 7.1 | EPSS 0.01595
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 1:24 a.m., 11 views

CVE-2017-14948

Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileaccess.cgi could allow an attacker to...

CVSS 9.8 | AI score 8.2 | EPSS 0.04796
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 1:17 a.m., 7 views

CVE-2013-2808

Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote...

CVSS 9.3 | AI score 8.5 | EPSS 0.04345
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 11:50 p.m., 5 views

CVE-2003-1270

AN HTTP 1.41e allows remote attackers to cause a denial of service (broken pipe) via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or MS-DOS device vulnerability...

CVSS 5 | AI score 7.7 | EPSS 0.01389
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 11:12 p.m., 11 views

CVE-2004-2210

Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP reque...

CVSS 4.3 | AI score 6.4 | EPSS 0.01283
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 10:23 p.m., 3 views

CVE-2006-4830

Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate...

CVSS 10 | AI score 7.1 | EPSS 0.0376
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 9:20 p.m., 4 views

CVE-2003-1306

Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response...

CVSS 2.6 | AI score 6.5 | EPSS 0.01204
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 8:55 p.m., 6 views

CVE-2003-0445

Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI...

CVSS 7.5 | AI score 8.2 | EPSS 0.02407
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 8:47 p.m., 6 views

CVE-2005-4749

HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors...

CVSS 5 | AI score 7.2 | EPSS 0.01897
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 8:35 p.m., 4 views

CVE-2002-2190

ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext under the web document root, which allows remote attackers to obtain the passwords via an HTTP request to a .user file...

CVSS 7.5 | AI score 7 | EPSS 0.06693
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 8:34 p.m., 5 views

CVE-2002-2146

cgitest.exe in Savant Web Server 3.1 and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request...

CVSS 7.5 | AI score 6.9 | EPSS 0.02708
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 8:32 p.m., 4 views

CVE-2002-2085

Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request...

CVSS 5 | AI score 7.1 | EPSS 0.01549
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 8:27 p.m., 5 views

CVE-2002-1928

602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension...

CVSS 5 | AI score 7 | EPSS 0.01181
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 8:25 p.m., 6 views

CVE-2002-1864

Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP request...

CVSS 5 | AI score 7 | EPSS 0.17772
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/21 8:24 p.m., 3 views

CVE-2002-1823

Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request...

CVSS 7.5 | AI score 8.3 | EPSS 0.1051
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 7:14 p.m., 4 views

CVE-2000-1230

Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHPAUTHUSER parameter set to "boogieman"...

CVSS 5 | AI score 7.1 | EPSS 0.02964
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/20 11:16 p.m., 9 views

CVE-2025-4833

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. This issue affects some unknown processing of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow...

CVSS 9 | AI score 7.2 | EPSS 0.00662
Exploits: 0

RedhatCVE
added 2025/05/19 10:12 a.m., 20 views

CVE-2025-4824

A vulnerability classified as critical has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possib...

CVSS 9 | AI score 7.2 | EPSS 0.00661
Exploits: 0 | References: 1