14 matches found
F5 Networks BIG-IP HTTP/2 DoS (K000133467)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0.3 / 16.1.4.1. It is, therefore, affected by a vulnerability as referenced in the K000133467 advisory. Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate when a client-side HTTP/2...
CVE-2023-40534
CVE-2023-40534 affects F5 BIG-IP HTTP/2 in multiple branches. When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled on a virtual server, and an iRule using HTTP_REQUEST or a Local Traffic Policy is attached, undisclosed requests can cause the Traffic Management Microkernel ...
CVE-2022-28734
Out-of-bounds write when handling split HTTP headers: when handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bounds write further on when parsing the HTTP request, writing a NULL byte past the buffer. It's...
Updated apache-mod_security packages fix security vulnerability
Updated apache-mod_security packages fix security vulnerability: ModSecurity mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP...
Green CMS 2.x Arbitrary File / Directory Download
Exploit Title: Green CMS 2.x - Arbitrary File & Directory Download Dork: N/A Date: 2019-01-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.greencms.net/ Software Link: https://codeload.github.com/GreenCMS/GreenCMS/zip/beta Version: 2.x Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
Cross-site Scripting (XSS)
paypal/permissions-sdk-php is vulnerable to cross-site scripting (XSS) attacks. The library does not properly filter user input in the HTTPREQUEST parameter in the GetAccessToken.php sample, allowing a malicious user to inject and execute arbitrary JavaScript...
MyDesign Haber Scripti 7 Database Disclosure
Title: MyDesign v7 Haber Database Disclosure Exploit | Author: indoushka | email: [email protected] | Tested on: windows 8.1 Français V.Pro | Version: v7 | Vendor:...
ZTE ZXV10 W300 3.1.0c_DR0 UI Session Delete
Document Title: ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1522 Release Date: 2015-06-16. Vulnerability Laboratory ID (VL-ID): ...
A-Blog 2.0 - (sources/search.php) SQL Injection Exploit
No description provided by source. #!/usr/bin/python Exploit Title: A-Blog v2.0 sources/search.php SQL Injection Exploit Date : 05 September 2010 Author : Ptrace Security Gianni Gnesa gnix Contact : researchatptrace-securitydotcom Software Link: http://sourceforge.net/projects/a-blog/ Version : 2....
E-Mail Security Virtual Appliance (ESVA) Remote Execution
Exploit for linux platform in category remote exploits Exploit Title: E-Mail Security Virtual Appliance ESVA Remote Execution. Date: 10 Aug 2012 Exploit Author: iJoo Vendor Homepage: http://www.esvacommunity.com/ Software Link: http://sourceforge.net/projects/esva-project/ Version: ; while$cmd !...
SQL Injection Vulnerability in Z-Vote
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in the Z-Vote WordPress plugin which could be exploited to perform SQL injection attacks. 1) SQL injection vulnerability in Z-Vote: The vulnerability exists due to input sanitation errors in the "zvote" parameter in zvote.php. A...
PunBB (Private Messaging System 1.2.x) Multiple LFI Exploit
No description provided by source. <?php error_reporting(0); ini_set("default_socket_timeout", 5); /* PunBB Private Messaging System 1.2.x Multiple LFI Exploit ----------------------------------------------------------- by athos - stakerathotmaildotit download mod http://www.punres.org/files.php?pid=52...
Mambo Component Galleries 1.0 - aid SQL Injection
#!/usr/bin/perl -w Mambo Component galleries v 1.0 Remote SQL Injection Found by : Houssamix From H-T Team H-T Team HouSSaMix + ToXiC350 Greetz : bugtr4cker & Stack & HaCkeREgY & Hak3r-b0y & All friends & All muslims HaCkeRs : ScriptName: "Mambo"...
CVE-2008-0550
Off-by-one error in Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a certain HTTP request that leads to a buffer overflow, as demonstrated by a long User-Agent header...