114 matches found
ebankIT 6 Denial Of Service
CVE-2023-30455 Description An issue was discovered in ebankIT before version 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100...
U.S. Dept Of Defense: WordPress application vulnerable to DoS attack via wp-cron.php
The WordPress application was vulnerable to a Denial of Service DoS attack via the wp-cron.php script, which could be exploited by sending a large number of requests to the script, causing it to consume excessive resources and overload the server, potentially leading to data loss and downtime. Th...
SUSE CVE-2017-7672
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12...
SUSE CVE-2017-9804
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this...
CVE-2022-23500
TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page...
CVE-2022-23500
CVE-2022-23500 affects TYPO3 CMS versions prior to 9.5.38 ELTS, 10.4.33, 11.5.20, and 12.1.1. The vulnerability occurs when a request for an invalid/non-existing resource triggers the page error handler, which may retrieve content from another page and cause recursive self-calls, amplifying the i...
GHSA-FQFG-C577-2VC3 rdiffweb's unlimited length Fullname field can lead to DoS
rdiffweb prior to 2.5.0a3 does not validate email length, allowing users to insert an email longer than 255 characters. If a user signs up with an email with a length of 1 million or more characters and logs in, withdraws, or changes their email, the server may cause denial of service due to...
PT-2022-23194 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.16 Description: The issue arises when requesting invalid or non-existing resources via HTTP, triggering the page error handler to retrieve content from another page, leading to recursive application calls that...
GHSA-86VQ-8QHC-5RQW Apache Struts vulnerable to possible DoS attack when using URLValidator
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL...
Apache Struts vulnerable to possible DoS attack when using URLValidator
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL...
CVE-2022-20697
A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this...
UBUNTU-CVE-2022-23837
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users...
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: race condition in net/can/bcm.c leads to local privilege escalation CVE-2021-3609 kernel: Improper handling of VMIO|VMPFNMAP vmas in KVM can bypass RO checks CVE-2021-22543 kernel:...
Reddit: No Rate Limit on redditgifts gift when Adding Comment
Hi team, I hope this report should not be closed as INFORMATIVE Summary: The add comment endpoint was improperly rate-limited so the potential attacker could post a large number of comments, overloading the server . Description: The add comment endpoint has a speed limit, but the number is set to...
CVE-2021-21359
TYPO3 core vulnerability CVE-2021-21359 affects TYPO3 CMS before 9.5.25, 10.4.14, and 11.1.1. When a user requests invalid or non-existing resources via HTTP, the page error handler could retrieve content to display from another page, causing the application to call itself recursively and potenti...
Denial of Service in uap-core
Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-core to = v0.11...
Radancy: [mijn.werkenbijdefensie.nl] Denial of service occurs due to lack of email length confirmation
Creating an account on https://mijn.werkenbijdefensie.nl/profielaanmaken/ could be done with a very long emailaddress. A max email address length validation check has been implemented as per RFC the maximum length allowed for an email address is 255 characters. However, we don't validate email...
Denial of Service in uap-core when processing crafted User-Agent strings
Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-ruby to = v2.6....
SAP HANA Extended Application Services Input Validation Error Vulnerability
SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions to support users to query real-time business data query and analysis.Extended Application Services is an application server, Web server and SAP HANA System within the Web...
Nord Security: DoS of https://nordvpn.com/ via CVE-2018-6389 exploitation
There is possibility in /wp-admin/load-scripts.php script to generate large 3Mb amount of data via simple non-authenticated request to server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details Detailed attack scenario is described for example here:...