5909 matches found
CVE-2018-1721
IBM Cognos Analytics 11.0 and 11.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369...
XXE
IBM Cognos Analytics 11.0 and 11.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369...
Schneider Electric Modicon Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103...
EulerOS 2.0 SP5 : openwsman (EulerOS-SA-2019-2179)
According to the version of the openwsman packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Openwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in processconnection when parsing specially crafted HTTP requests...
Ubuntu: Security Advisory (USN-4174-1)
The remote host is missing an update for the...
python-requests bug fix update
An update is available for python-requests. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-requests package contains a library designed to make HTTP...
python-requests bug fix update
The python-requests package contains a library designed to make HTTP requests easy for developers. Bug fix: The fix for CVE-2018-18074 leads to a regression (BZ#1758261)...
USN-4174-1: HAproxy vulnerability
It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue for privilege escalation (Request Smuggling)...
CVE-2018-4031
An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without...
Cross site request forgery (CSRF)
An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without...
CVE-2018-4031
CVE-2018-4031 affects CUJO Smart Firewall firmware 7003. The safe-browsing component abuses Lunatik (kernel Lua) by injecting unsanitized Host header data into a Lua statement, enabling arbitrary code execution in the kernel. Exploitation can occur via crafted HTTP/HTTPS requests containing a mal...
GLSA-201910-01 : PHP: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201910-01 (PHP: Arbitrary code execution). An underflow in envpathinfo in PHP-FPM under certain configurations can be exploited to gain remote code execution. Impact: A remote attacker, by sending specially crafted HTTP requests, could...
Server-Side Request Forgery (SSRF)
xmppserver is vulnerable to server-side request forgery (SSRF). The getImage function in FaviconServlet.java allows attackers to send arbitrary HTTP GET requests on behalf of the server...
CVE-2019-18202
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests...
Improper access control
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests...
Adobe Experience Manager CVE-2019-8234 Cross Site Request Forgery Vulnerability
Description: Adobe Experience Manager is prone to a cross-site request forgery vulnerability because it fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Technologies Affected: Adobe...
Intelbras Router WRN150 1.0.18 Cross Site Scripting
Exploit Title: Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting; Date: 2019-10-03; Exploit Author: Prof. Joas Antonio; Vendor Homepage: https://www.intelbras.com/pt-br/; Software Link: http://en.intelbras.com.br/node/25896; Version: 1.0.18; Tested on: Windows; CVE: CVE-2019-17411; PoC 1:...