5909 matches found
SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery
Exploit Title: SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery | Discovery by: LiquidWorm | Date: 2019-12-02 | Vendor Homepage: | Tested Version: 6.5.33.17072501 | CVE: N/A | Advisory ID: ZSL-2019-5543 | Advisory URL:...
Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure (cisco-sa-20191120-sbr-rv-infodis)
According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by an information disclosure vulnerability in the web-based management interface due to improper authorization of HTTP requests. An unauthenticated, remote attacker can exploit this, by sending...
Carlo Gavazzi SmartHouse 6.5.33 XSS / Cross Site Request Forgery Vulnerabilities
Carlo Gavazzi SmartHouse version 6.5.33 suffers from cross site request forgery along with both reflective and persistent cross site scripting vulnerabilities. Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities Vendor: Carlo Gavazzi Automation S.p.A Product web page:...
CVE-2016-1000110
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...
PSF-2019-2 HTTPoxy attack
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...
Cisco IOS XE Software, Catalyst, and NGWC GUI Privilege Escalation (cisco-sa-20170927-ngwc)
According to its self-reported version, Cisco IOS XE Software is affected by a privilege escalation vulnerability in the web-based Wireless Controller GUI for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E Wireless Switches, and Cisco New Generation Wireless...
CVE-2019-15990
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An...
Authorization
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An...
CVE-2019-15990 Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An...
OPF OpenProject Activities API SQL Injection (CVE-2019-11600)
A SQL injection vulnerability has been reported in OpenProject. This vulnerability can be exploited by sending crafted HTTP requests to a vulnerable application. Successful exploitation could lead to arbitrary SQL statement execution in the security context of database service...
CVE-2019-19240
The CVE-2019-19240 entry concerns Embedthis GoAhead before 5.0.1. Affected component: GoAhead WebsRedirect, which uses a fixed-size host buffer. Under certain redirected HTTP requests with a large Host header, the copy of the Host header can overflow, leaving the buffer uninitialized and potentia...
CVE-2019-6660
On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service...
Denial of service
On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service...
CVE-2019-3662
Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests...
Path traversal
Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests...
CVE-2019-3660
Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests...
Input validation
Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests...