Linux Distros Unpatched Vulnerability : CVE-2003-1418
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode numbe...
Linux Distros Unpatched Vulnerability : CVE-2010-1452
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a reques...
Linux Distros Unpatched Vulnerability : CVE-2011-2767
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in Twisted [CVE-2024-41671]
Summary: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in Twisted, caused by a flaw in HTTP 1.0 and 1.1 server (CVE-2024-41671). Twisted is used by our Speech Runtimes. This vulnerability has been addressed. Please read the details for remediation below...
2.4 bug fix and enhancement update
An update is available for module.mod_md, module.mod_http2, mod_http2, httpd, mod_md, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd package...
CVE-2024-56897
Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2025-047)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.12.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-047 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError...
CVE-2025-0728
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaroun...
CVE-2025-0727 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the...
CVE-2025-0728 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaroun...
CVE-2025-0726 Eclipse ThreadX NetX Duo HTTP server denial of service
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users ca...
Eclipse ThreadX NetX Duo Security Vulnerability
Eclipse ThreadX NetX Duo is an open-source IPv4 and IPv6 dual network stack from Eclipse ThreadX. A security vulnerability exists in Eclipse ThreadX NetX Duo prior to version 6.4.2, which stems from an issue in the NetX HTTP server functionality that could lead to a denial of service...
Eclipse ThreadX NetX Duo Security Vulnerability
Eclipse ThreadX NetX Duo is an open-source IPv4 and IPv6 dual network stack from Eclipse ThreadX. A security vulnerability exists in Eclipse ThreadX NetX Duo prior to version 6.4.2, which stems from a buffer overflow issue in the NetX HTTP server functionality...
HTTP Fetch, Linux Reboot
Fetch and execute an MIPSBE payload from an HTTP server. A very small shellcode for rebooting the system. This payload is sometimes helpful for testing purposes or executing other payloads that rely on initial startup procedures. Requires CAP_SYS_BOOT privileges. Module Options msf use...
HTTP Fetch, Reverse TCP Stager
Fetch and execute an AARCH64 payload from an HTTP server. Connect back to the attacker. Module Options: msf > use payload/cmd/linux/http/aarch64/meterpreter/reverse_tcp; msf payload(reverse_tcp) > show actions ...actions... msf payload(reverse_tcp) > set ACTION; msf payload(reverse_tcp) > show options ...show and set...
The vulnerability in the function PLT_FileMediaServerDelegate::ExtractResourcePath() of the file PltHttpServer.cpp in the software development library Platinum UPnP SDK allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the PLT_FileMediaServerDelegate::ExtractResourcePath function in the PltHttpServer.cpp file of the software development library, Platinum UPnP SDK, is related to an incorrect limitation on the path name for directories with restricted access. Exploiting this vulnerability coul...
CVE-2025-26819
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections...