18 matches found
CVE-2021-47713 Hasura GraphQL 1.3.3 Denial of Service via Malicious GraphQL Query
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resource...
CVE-2021-47713
Affected software: Hasura GraphQL Engine, version 1.3.3. Vulnerability: Denial-of-service via crafted GraphQL queries with excessively nested fields, enabling an attacker to use long query strings and multi-threaded requests to exhaust server resources and potentially crash the GraphQL endpoint. ...
EUVD-2002-2027
Malware in sbrugna...
CVE-2024-41586
A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component...
SUSE CVE-2016-5426
PowerDNS aka pdns Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service backend CPU consumption via a long qname...
SUSE CVE-2018-12422
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the...
UBUNTU-CVE-2021-41800
MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...
DEBIAN-CVE-2018-12422
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the...
UBUNTU-CVE-2018-12422
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the...
bind: Too long query name causes segmentation fault in lwresd
It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or...
bind: Too long query name causes segmentation fault in lwresd
It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or...
DLA-645-1 bind9 - security update
Bulletin has no description...
SWSoft ASPSeek 1.0 s.cgi Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2492/info A buffer overflow in ASPSeek versions 1.0.0 through to 1.0.3 allows for arbitrary code execution with the privileges of the web server. The vulnerable script is s.cgi and the buffer overflow can be accessed by...
CVE-2005-4194
Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service application crash via a long query string...
Sybase EAServer WebConsole buffer overflow
Added: 11/04/2005 CVE: CVE-2005-2297 BID: 14287 OSVDB: 17995 Background Sybase EAServer is a web application server. Problem A buffer overflow in the Sybase EAServer WebConsole allows a remote attcker to execute arbitrary commands by requesting /WebConsole/Login.jsp with a long query string...
DEBIAN-CVE-2004-0227
Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string...
CVE-1999-1070
The CVE-1999-1070 entry describes a buffer overflow in the ping CGI program of Xylogics Annex terminal service, allowing remote denial of service via a long query parameter. Public sources in the connected docs verify the affected component as the ping CGI script and the root cause as a buffer ov...
CVE-2000-0401
Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping cart allow remote attackers to execute arbitrary commands via a long query string...