NewStart CGSL MAIN 6.06 : httpd Multiple Vulnerabilities (NS-SA-2025-0240)

The remote NewStart CGSL host, running version MAIN 6.06, has httpd packages installed that are affected by multiple vulnerabilities: - Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue...

PT-2025-34103 · Undefined · Undefined

SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception...

AZL-59180 CVE-2025-30204 affecting package moby-engine for versions less than 25.0.3-12

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

Buffer Overflow

libz.so is vulnerable to Buffer Overflow. The vulnerability is present due to the absence of length checks in the filename, extrafield, and comment parameters within the zip.c. This oversight enables an attacker to trigger an integer overflow, leading to a heap-based buffer overflow in the...

SUSE CVE-2004-0493

The apgetmimeheaderscore function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service memory exhaustion, and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

SUSE CVE-2006-4434

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service crash via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of...

SUSE CVE-2009-1490

Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service daemon crash and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header...

SUSE CVE-2013-0272

Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header...

SUSE CVE-2016-2515

Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service CPU consumption or partial outage via a long 1 header or 2 URI that is matched against an improper regular expression...

Exploit for Classic Buffer Overflow in Microsoft

PoC exploit for CVE-2017-7269, a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2. The exploit is implemented as a Metasploit module, which can be used to execute arbitrary code vi...

Envoy Resource Management Error Vulnerability (CNVD-2020-51750)

Envoy is an open source distributed proxy server . A resource management error vulnerability exists in Envoy versions 1.14.2 and earlier, 1.13.2 and earlier, and 1.12.4 and earlier. An attacker can exploit the vulnerability by consuming large amounts of memory with requests with HTTP/1.1 headers...

envoy: Resource exhaustion when processing HTTP/1.1 headers with long field names

An uncontrolled resource consumption vulnerability was found in Envoy. This flaw allows an attacker to craft many HTTP requests with long field names or URLs to cause the proxy to consume excessive amounts of memory, potentially resulting in a denial of service. The highest threat from this...

PHPMailer < 1.73 Long Header DoS Vulnerability

PHPMailer is prone to a denial of service DoS vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

Useragent Denial of Service Vulnerability

Useragent is a user agent parser that parses user agent strings by matching browsers with specialized regular expressions. A security vulnerability exists in Useragent 2.1.12 and earlier versions, which stems from the program's use of regular expressions to parse user agent packet headers. The...

CVE-2017-16030

Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier...

Hawk Denial of Service Vulnerability

Hawk is a set of HTTP authentication schemes that use Message Authentication Code MAC algorithms in order to provide cryptographic authentication of localized HTTP requests. A denial-of-service vulnerability exists in Hawk versions prior to 3.1.3 and 4.x prior to 4.1.1, which can be exploited by...

CVE-2014-4728

The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router TL-WDR4300 with firmware before 140916 allows remote attackers to cause a denial of service crash via a long header in a GET request...

Cross site request forgery (csrf)

The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router TL-WDR4300 with firmware before 140916 allows remote attackers to cause a denial of service crash via a long header in a GET request...

Virata EmWeb R6.0.1 - Remote Crash Vulnerability

No description provided by source. Exploit Title: Virata EmWeb R6.0.1 Remote Crash Vulnerability Date: 06/04/10 Author: Jobert Abma Online 24 Email: j.abmaatonline24dotnl Version: R6.0.1 Tested on: linux CVE : Code : This was written for educational purpose. Use it at your own risk. Author will b...

Centrinity FirstClass 5.77 0 Intranet Server Long Header Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1421/info If an E-mail containing an excessively long To: field in the header 1.5 MB is processed by First Class Intranet Services FCIS, a Denial of Service can occur. http://www.exploit-db.com/sploits/20052.tar.gz...