Lucene search
+L

83 matches found

OSV
OSV
added 2023/03/17 11:5 a.m.9 views

OESA-2023-1161 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can...

9.8CVSS9.2AI score0.8377EPSS
Exploits5References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.4 views

SUSE CVE-2013-1912

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service crash and possibly execute...

5.1CVSS8.1AI score0.05464EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/10/03 12:0 a.m.438 views

CVE-2022-41082

Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: zeroSteiner at January 10, 2023 2:58pm UTC reported: CVE-2022-41082, also known as ProxyNotShell is an authenticated RCE in Microsoft Exchange. ProxyNotShell actually combines CVE-2022-41082 and CVE-2022-41040 for t...

9.8CVSS9AI score0.9997EPSS
In wildExploits16References7
CNNVD
CNNVD
added 2021/11/03 12:0 a.m.8 views

Artica Pandora FMS 注入漏洞

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS 755 and earlier versions, which stems from the fact that .htaccess...

6.7CVSS6.5AI score0.00311EPSS
Exploits1References3
OSV
OSV
added 2021/07/19 3:15 p.m.10 views

GHSA-VJV5-GP2W-65VM Encoded URIs can access WEB-INF directory in Eclipse Jetty

Description URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. Impact The default compliance mode allows requests with UR...

5.3CVSS6.7AI score0.99298EPSS
Exploits6References41
OSV
OSV
added 2020/08/07 4:15 p.m.3 views

UBUNTU-CVE-2020-11985

IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...

5.3CVSS7.1AI score0.06808EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2018/07/05 12:0 a.m.18 views

wordpress -- multiple issues

wordpressdevelopers reports: Taxonomy: Improve cache handling for term queries. Posts, Post Types: Clear post password cookie when logging out. Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen. Community Events Dashboard: Always show the nearest WordCamp if one is...

Exploits0References1
OpenVAS
OpenVAS
added 2016/01/25 12:0 a.m.27 views

openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2016:0214-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.23592EPSS
Exploits5References1
Kitploit
Kitploit
added 2014/07/16 9:8 p.m.29 views

Netsparker v3.5 - Web Application Security Scanner

Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting XSS and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...

8.2AI score
Exploits0
myhack58
myhack58
added 2013/11/06 12:0 a.m.19 views

About apache+php-cgi mod attack-vulnerability warning-the black bar safety net

One, the origin of: 1, the attack code International well-known vulnerabilities to attack the code release mechanism exploit-db released one for apache+php attack code, The authors of the famous international hacker Kingcope it. See http://www.exploit-db.com/exploits/29290/ Attacks effect derived...

7.6AI score0.99998EPSS
Exploits42
RedHat Linux
RedHat Linux
added 2013/05/28 5:21 p.m.7 views

haproxy: rewrite rules flaw can lead to arbitrary code execution

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service crash and possibly execute...

5.1CVSS6.3AI score0.05464EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2013/04/10 3:0 p.m.26 views

CVE-2013-1912

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service crash and possibly execute...

5.1CVSS7.8AI score0.05464EPSS
Exploits0
CVE
CVE
added 2013/04/10 3:0 p.m.118 views

CVE-2013-1912

HAProxy CVE-2013-1912 describes a buffer overflow in specific configurations: when HTTP keep-alive is enabled, HTTP keywords are used in TCP inspection rules, and request-append rewrite rules are active. The issue, present in HAProxy 1.4 up to 1.4.22 and 1.5-dev up to 1.5-dev17, can cause a crash...

5.1CVSS7.8AI score0.05464EPSS
Exploits0References10Affected Software1
RedHat Linux
RedHat Linux
added 2013/04/09 6:7 p.m.5 views

haproxy: rewrite rules flaw can lead to arbitrary code execution

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service crash and possibly execute...

5.1CVSS6.3AI score0.05464EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/02/11 12:0 a.m.44 views

Fedora 17 : wordpress-3.5.1-1.fc17 (2013-1692)

WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include : - Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases. - Media: F...

6.4CVSS5.7AI score0.28857EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2011/04/11 8:24 p.m.8 views

rhn_satellite: Incorrect mod_rewrite rules (information disclosure, abuse as distributed DoS tool)

Red Hat Network RHN Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to 1 obtain unspecified sensitive host information or 2 use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors...

6.4CVSS6AI score0.01708EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2008/09/26 12:0 a.m.29 views

lighttpd -- multiple vulnerabilities

Lighttpd seurity annoucement: lighttpd 1.4.19, and possibly other versions before 1.5.0, does not decode the url before matching against rewrite and redirect patterns, which allows attackers to bypass rewrites rules. this can be a security problem in certain configurations if these rules are used...

6.4AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.35 views

Ubuntu 5.04 / 5.10 / 6.06 LTS : apache2 vulnerability (USN-328-1)

Mark Dowd discovered an off-by-one buffer overflow in the modrewrite module's ldap scheme handling. On systems which activate 'RewriteEngine on', a remote attacker could exploit certain rewrite rules to crash Apache, or potentially even execute arbitrary code this has not been verified...

7.6CVSS8.1AI score0.96436EPSS
Exploits20References2
myhack58
myhack58
added 2007/05/26 12:0 a.m.40 views

jsp vulnerabilities and solutions-vulnerability warning-the black bar safety net

Overview: The server vulnerability is a security Origin, a hacker on the site of the attack is also mostly from the Find each other's vulnerabilities. So only understand its own vulnerability, the site managers to take appropriate measures to prevent foreign attacks. The following describes some ...

0.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2006/09/12 12:0 a.m.10 views

Update Protection against Apache LDAP HTTP Server Buffer Overflow Vulnerability

A vulnerability exists in Apache HTTP Server. Attackers can trigger this vulnerability via crafted URLs that are not properly handled using certain Rewrite rules. This issue only affects installations using Rewrite rules with specific characteristics. This flaw allows attackers to cause denial of...

7.6CVSS5.2AI score0.96436EPSS
Exploits20
Rows per page
Query Builder