16 matches found
SAP NetWeaver Security Vulnerability
SAP NetWeaver is a set of integrated service-oriented application platforms from SAP, Germany. The platform primarily provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver that stems from insufficient input validation and improper...
EUVD-2015-0702
Malware in sbrugna...
Cross-Site Request Forgery (CSRF)
typo3/cms-scheduler is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of HTTP methods and a failure to enforce appropriate security settings, which allows attackers to submit malicious requests through CSRF...
curl security and bug fix update
7.61.1-33.5 - cap SFTP packet size sent (RHEL-5485) - when keyboard-interactive auth fails, try password (2229800) - unify the upload/method handling (CVE-2023-28322) - fix cookie injection with none file (CVE-2023-38546) - lowercase the domain names before PSL checks (CVE-2023-46218)...
curl security update
7.76.1-23.el92.2 - unify the upload/method handling (CVE-2023-28322) - fix host name wildcard checking (CVE-2023-28321)...
http-swagger Security Vulnerability
http-swagger is a net/http wrapper. A security vulnerability exists in http-swagger, which stems from versions of http-swagger prior to 1.2.6, where an attacker may be able to perform denial-of-service attacks, including running out of memory on the host system. The memory exhaustion is attributed...
SUSE-SU-2022:14876-1 Security update for java-1_7_1-ibm
This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 5 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. bsc1194198, bsc1192052 - CVE-2021-3558...
ALPINE-CVE-2019-0196
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...
Sandbox Restrictions Bypass
The OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit are vulnerable to sandbox restriction bypass. There is a flaw in method handling intrinsic frames...
Quest NetVault Backup SQL Injection Vulnerability (CNVD-2017-37630)
Quest NetVault Backup is a suite of data backup software from Quest Software, USA. A SQL injection vulnerability exists in the handling of NVBUBackup Get method requests in Quest NetVault Backup versions prior to 11.4.5, which stems from the program failing to properly detect user-submitted strin...
Cisco Cloud Web Security Security Restriction Bypass Vulnerability
Cisco Cloud Web Security is a set of network security protection software from Cisco, USA. The connector engine is one of its connector engines. A security vulnerability exists in the connector engine in Cisco Cloud Web Security, which stems from the program's failure to properly...
CoreHTTP Web server buffer overflow
Off-by-one buffer overflow on request method handling...
Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (APSB08-15) - Windows
Adobe Reader/Acrobat is prone to a remote code execution (RCE) vulnerability...
Adobe Reader < 7.1.0 / 8.1.2 SU1 Unspecified JavaScript Method Handling Arbitrary Code Execution
The version of Adobe Reader installed on the remote Windows host contains a flaw in the function Collab.collectEmailInfo that could allow a remote attacker to crash the application and/or to take control of the affected system. To exploit this flaw, an attacker would need to trick a user on the...
CVE-2003-0249
PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache...
Web Server HTTP Method Handling Remote Overflow
It was possible to kill the web server by sending an invalid request with a long HTTP method field. A remote attacker may exploit this vulnerability to make the web server crash continually or possibly execute arbitrary code. (C) Tenable Network Security, Inc. Script audit and contributions from...