Lucene search
K

114 matches found

Packet Storm
Packet Storm
added 2023/04/28 12:0 a.m.333 views

ebankIT 6 Denial Of Service

CVE-2023-30455 Description An issue was discovered in ebankIT before version 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100...

6.9AI score0.01047EPSS
Exploits1
Hacker One
Hacker One
added 2023/02/28 1:38 a.m.1651 views

U.S. Dept Of Defense: WordPress application vulnerable to DoS attack via wp-cron.php

The WordPress application was vulnerable to a Denial of Service DoS attack via the wp-cron.php script, which could be exploited by sending a large number of requests to the script, causing it to consume excessive resources and overload the server, potentially leading to data loss and downtime. Th...

7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.3 views

SUSE CVE-2017-7672

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12...

5.9CVSS9.2AI score0.09362EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:44 a.m.3 views

SUSE CVE-2017-9804

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this...

7.5CVSS9.3AI score0.08456EPSS
Exploits23References3
NVD
NVD
added 2022/12/14 8:15 a.m.17 views

CVE-2022-23500

TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page...

7.5CVSS0.00686EPSS
Exploits0References1
CVE
CVE
added 2022/12/14 7:7 a.m.120 views

CVE-2022-23500

CVE-2022-23500 affects TYPO3 CMS versions prior to 9.5.38 ELTS, 10.4.33, 11.5.20, and 12.1.1. The vulnerability occurs when a request for an invalid/non-existing resource triggers the page error handler, which may retrieve content from another page and cause recursive self-calls, amplifying the i...

7.5CVSS6.4AI score0.00686EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/09/30 12:0 a.m.31 views

GHSA-FQFG-C577-2VC3 rdiffweb's unlimited length Fullname field can lead to DoS

rdiffweb prior to 2.5.0a3 does not validate email length, allowing users to insert an email longer than 255 characters. If a user signs up with an email with a length of 1 million or more characters and logs in, withdraws, or changes their email, the server may cause denial of service due to...

6.9CVSS7.3AI score0.01004EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/09/13 12:0 a.m.4 views

PT-2022-23194 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.16 Description: The issue arises when requesting invalid or non-existing resources via HTTP, triggering the page error handler to retrieve content from another page, leading to recursive application calls that...

7.5CVSS7.3AI score0.01312EPSS
Exploits0References13
OSV
OSV
added 2022/05/14 3:15 a.m.1 views

GHSA-86VQ-8QHC-5RQW Apache Struts vulnerable to possible DoS attack when using URLValidator

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL...

5.9CVSS6.2AI score0.03347EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 3:15 a.m.24 views

Apache Struts vulnerable to possible DoS attack when using URLValidator

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL...

5.9CVSS5.5AI score0.03347EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/04/15 3:15 p.m.2 views

CVE-2022-20697

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this...

8.6CVSS5.8AI score0.0111EPSS
Exploits0References1
OSV
OSV
added 2022/01/21 9:15 p.m.4 views

UBUNTU-CVE-2022-23837

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users...

7.5CVSS7.1AI score0.05258EPSS
Exploits1References5
AlmaLinux
AlmaLinux
added 2021/08/10 11:56 a.m.111 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: race condition in net/can/bcm.c leads to local privilege escalation CVE-2021-3609 kernel: Improper handling of VMIO|VMPFNMAP vmas in KVM can bypass RO checks CVE-2021-22543 kernel:...

8.7CVSS8AI score0.78684EPSS
Exploits23References3
Hacker One
Hacker One
added 2021/05/19 6:9 a.m.32 views

Reddit: No Rate Limit on redditgifts gift when Adding Comment

Hi team, I hope this report should not be closed as INFORMATIVE Summary: The add comment endpoint was improperly rate-limited so the potential attacker could post a large number of comments, overloading the server . Description: The add comment endpoint has a speed limit, but the number is set to...

1.9AI score
Exploits0
CVE
CVE
added 2021/03/23 1:55 a.m.194 views

CVE-2021-21359

TYPO3 core vulnerability CVE-2021-21359 affects TYPO3 CMS before 9.5.25, 10.4.14, and 11.1.1. When a user requests invalid or non-existing resources via HTTP, the page error handler could retrieve content to display from another page, causing the application to call itself recursively and potenti...

7.5CVSS6.4AI score0.01731EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/02 3:46 p.m.62 views

Denial of Service in uap-core

Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-core to = v0.11...

5.3CVSS4AI score0.02517EPSS
Exploits0References5Affected Software1
Hacker One
Hacker One
added 2020/07/11 4:16 a.m.105 views

Radancy: [mijn.werkenbijdefensie.nl] Denial of service occurs due to lack of email length confirmation

Creating an account on https://mijn.werkenbijdefensie.nl/profielaanmaken/ could be done with a very long emailaddress. A max email address length validation check has been implemented as per RFC the maximum length allowed for an email address is 255 characters. However, we don't validate email...

1.6AI score
Exploits0
RubySec
RubySec
added 2020/03/10 12:0 a.m.21 views

Denial of Service in uap-core when processing crafted User-Agent strings

Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-ruby to = v2.6....

7.5CVSS7.2AI score0.02261EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2019/12/17 12:0 a.m.3 views

SAP HANA Extended Application Services Input Validation Error Vulnerability

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions to support users to query real-time business data query and analysis.Extended Application Services is an application server, Web server and SAP HANA System within the Web...

7.1CVSS6.5AI score0.00897EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/12/05 2:58 p.m.224 views

Nord Security: DoS of https://nordvpn.com/ via CVE-2018-6389 exploitation

There is possibility in /wp-admin/load-scripts.php script to generate large 3Mb amount of data via simple non-authenticated request to server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details Detailed attack scenario is described for example here:...

5CVSS7.4AI score0.73098EPSS
Exploits11
Rows per page
Query Builder