404 matches found
CVE-2021-21492
SAP NetWeaver Application Server JavaHTTP Service, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled...
CVE-2019-5504
ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions...
CVE-2017-9139
There is a stack-based buffer overflow on some Tenda routers FH1202/F1202/F1200: versions before 1.2.0.20. Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service used to login to the web UI of a router for 1 to 2 seconds...
CVE-2007-5560
Heap-based buffer overflow in the Juniper HTTP Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being...
Do Not Install the HTTP Service
HyperText Transfer Protocol HTTP is a simple request-response protocol and usually runs over TCP. It specifies what messages the client may send to the server and what responses the client receives. Request and response messages include headers in ASCII, and the message content often uses a...
Postorius Detection (HTTP)
HTTP based detection of Postorius. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.154376";...
CVE-2022-32502
An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2...
CVE-2024-22044
A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet 3KC9000-8TL75 All versions. Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet. This could allow an attacker on the same Modbus network to create a denial of service...
VMWare Web Login Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Web Login Scanner', 'Description' = 'This module attempts to authenticate to the VMWare HTTP service for VmWare Server, ESX, and ESXI',...
CVE-2024-34683 Unrestricted file upload in SAP Document Builder (HTTP service)
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser...
PT-2024-9689 · D Link · D-Link Dap-2555
Name of the Vulnerable Software and Affected Versions: D-Link DAP-2555 version REVA FIRMWARE 1.20 Description: A buffer overflow vulnerability in the D-Link DAP-2555 allows remote attackers to cause a Denial of Service DoS via a crafted HTTP request. The issue is related to the /sbin/httpd file a...
(0Day) D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from...
CVE-2024-5295
D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2024-5295 D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability
D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2024-5295
CVE-2024-5295 affects the D-Link G416 wireless router. The flaw is a command injection in the HTTP service on TCP port 80, caused by improper validation of a user-supplied string before it is used to execute a system call. This allows network-adjacent attackers to execute arbitrary code with root...
CVE-2022-32502
An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2...
CVE-2022-32502
An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2...
CVE-2022-32502
An issue was discovered on certain Nuki Home Solutions devices. There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2...
CVE-2022-32502
The CVE-2022-32502 entry describes a buffer overflow in the HTTP service token parsing on certain Nuki Bridge devices, enabling remote code execution. Affected: Nuki Bridge v1 prior to 1.22.0 and v2 prior to 2.13.2. The provided documents specify the vulnerability type and impacted versions but d...
CVE-2023-50215
D-Link G416 nodered gz File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific...