Input validation
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...
CVE-2023-20159 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...
Request smuggling due to improper request handling in golang.org/x/net/http2/h2c
...
CVE-2022-41721 Request smuggling due to improper request handling in golang.org/x/net/http2/h2c
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...
DEBIAN-CVE-2022-32749
Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3...
The vulnerability of the mod_proxy_ajp module in the Apache HTTP Server allows a hacker to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the mod_proxy_ajp module in the Apache HTTP Server is related to improper handling of HTTP requests. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests (HTTP Request Smuggling attack)...
Resource management error vulnerability in multiple Cisco products
Cisco Firepower Threat Defense and Cisco Adaptive Security Appliances Software are both products of Cisco, Inc. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides highly secure access to data and network resources, among other...
CVE-2021-33841
SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges...
PT-2021-20343 · Unknown · Sge-Plc1000
Name of the Vulnerable Software and Affected Versions: SGE-PLC1000 device version 0.9.2b Description: The issue allows a remote attacker to inject code into the operating system with maximum privileges due to incorrect handling of certain requests. Recommendations: For version 0.9.2b, at the...
GHSA-733F-44F3-3FRW gopkg.in/macaron.v1 Open Redirect vulnerability
macaron before 1.3.7 has an open redirect in the static handler. Due to improper request sanitization, a specifically crafted URL can cause the static file handler to redirect to an attacker-chosen URL, allowing for open redirect attacks...
SonicOS SSLVPN External Service Interaction (DNS) Vulnerability
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impacts SonicOS version 6.5.4.4-44n and earlier. CVE: CVE-2020-5130 Last updated: July 16, 2020, 9:26 a.m...
CVE-2020-1350
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'...
CVE-2020-1318
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297...
Cross-site request forgery (CSRF)
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF). To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka...
CVE-2019-0562
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft...
CVE-2018-0700
YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition...
Microsoft SharePoint Enterprise Server Remote Elevation of Privilege Vulnerability (CNVD-2019-00965)
Microsoft SharePoint Enterprise Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. An...
CVE-2018-8247
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from...
KLA11225 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An improper font handling in the Office graphics...
Microsoft SharePoint Remote Elevation of Privilege Vulnerability (CNVD-2018-07004)
Microsoft Project Server 2013 SP1 and SharePoint Enterprise Server 2016 are both products of Microsoft Corporation. Microsoft Project Server 2013 SP1 is a suite of project management solutions for project portfolio management (PPM) and Microsoft Project Server 2013 SP1 is a project management soluti...