CVE-2002-1087

The scripts 1 createdir.php, 2 removedir.php and 3 uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request...

CVE-2002-1068

The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service hang via a large HTTP POST request...

CVE-2002-1084

The CVE-2002-1084 entry concerns ezContents 1.41 and earlier, where VerifyLogin does not properly halt program execution after an improper login, enabling remote attackers to modify and view restricted information via HTTP POST requests. Affected component: VerifyLogin function in ezContents (ver...

CVE-2002-1087

The scripts 1 createdir.php, 2 removedir.php and 3 uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request...

CVE-2002-1087

The CVE-2002-1087 entry concerns ezContents 1.41 and earlier, where three scripts (createdir.php, removedir.php, uploadfile.php) fail to perform credential checks. This allows remote attackers to create or delete directories and upload files via a direct HTTP POST request. Documented impact is un...

CVE-2002-1077

IPSwitch IMail Web Calendaring service iwebcal allows remote attackers to cause a denial of service crash via an HTTP POST request without a Content-Length field...

CVE-2002-1077

IMail Web Calendaring service (iwebcal) in IPSwitch IMail is affected by CVE-2002-1077. A remote attacker can cause a denial of service (crash) by sending an HTTP POST request that lacks a Content-Length header. The description and connected records confirm the affected component and the vulnerab...

CVE-2002-1068

The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service hang via a large HTTP POST request...

CVE-2002-0769

The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to 1 obtain the password from the login screen, or 2 reconfigure the adaptor by modifying...

IPSwitch IMail 6.x/7.0.x - Web Calendaring Incomplete Post Denial of Service

source: https://www.securityfocus.com/bid/5365/info IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems. When a HTTP POST command is made to the web calendaring service on port 8484, and the...

CVE-2002-0769

The CVE-2002-0769 entry concerns Cisco ATA-186 Analog Telephone Adaptor. The vulnerability arises in the web-based configuration interface, where an HTTP POST containing a single byte can bypass authentication. This enables (a) extraction of the login password from the login screen and (b) reconf...

CVE-2002-0769

The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to 1 obtain the password from the login screen, or 2 reconfigure the adaptor by modifying...

CVE-2002-0717

PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed...

Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1

PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Issued on: July 22, 2002 Software: PHP versions 4.2.0 and 4.2.1 Platforms: All The PHP Group has learned of a serious security vulnerability in PHP versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary code with...

PHP fails to properly parse the headers of HTTP POST requests

Overview A vulnerability has been discovered in PHP. This vulnerability could be used by a remote attacker to execute arbitrary code or crash PHP and/or the web server. Description PHP is a popular scripting language in widespread use. For more information about PHP, see...

Microsoft Foundation Class Library 7.0 - ISAPI Buffer Overflow

Microsoft Foundation Class Library 7.0 - ISAPI Buffer Overflow // source: https://www.securityfocus.com/bid/5188/info The Microsoft Foundation Class Library is a library used to develop applications for Microsoft Windows. Some versions of the MFC include an ISAPI class, which can be used to...

Cisco ATA-186 Password Circumvention / Recovery

The remote host appears to be a Cisco ATA-186 - an analog telephone adapter used to interface analog telephones to VoIP networks. The adapter is configured via a web interface that has a security bypass vulnerability. It is possible to bypass authentication by sending an HTTP POST request with a...

Cisco ATA-186 admin password can be trivially circumvented

The Cisco ATA-186 Analog Telephone adapter interfaces "legacy" analog telephones to VoIP networks. The adapter can be configured via a web interface, that typically requires a password to access. Unfortunately, this password protection can be trivially circumvented. On two ATA-186s that we tested...

CVE-1999-1416

CVE-1999-1416 affects the AnswerBook2 (AB2) web server dwhttpd 3.1a4. A remote attacker can trigger a denial of service by sending an HTTP POST with a large Content-Length, exhausting resources. No exploitation details or patches are provided in the connected documents.

Web Server HTTP POST Method Handling Remote Overflow DoS

Nessus tests the stability of a remote web service by sending a significantly large HTTP POST and then confirms if the web service is still responsive. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10687; scriptversion "1.25"; scriptcvsdate"Date: 2018/12/21 16:12:09"...