Lucene search
+L

120 matches found

BDU FSTEC
BDU FSTEC
added 2022/07/20 12:0 a.m.8 views

The vulnerability of the Red Database database management system lies in the possibility of returning incorrect status codes, allowing attackers to deceive users.

The vulnerability of the RedBase database management system is related to the return of incorrect status codes. Exploiting this vulnerability can allow a malicious actor to deceive users by replacing the notification window...

4CVSS5.5AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/05/04 3:25 p.m.42 views

CVE-2021-43206

A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests...

4.3CVSS4.7AI score0.00767EPSS
Exploits0References1
Fortinet
Fortinet
added 2022/05/03 12:0 a.m.122 views

Protect

A server-generated error message containing sensitive information vulnerability CWE-550 in FortiOS and FortiProxy web proxy may allow a malicious webserver to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages...

4.3CVSS4.8AI score0.00767EPSS
Exploits0Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/24 4:57 p.m.60 views

Ory fosite contains Improper Handling of Exceptional Conditions

Impact The TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store...

8CVSS1.2AI score0.01588EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/05/24 4:57 p.m.116 views

GHSA-7MQR-2V3Q-V2WM Ory fosite contains Improper Handling of Exceptional Conditions

Impact The TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store...

8CVSS7.7AI score0.01588EPSS
Exploits0References5
OSV
OSV
added 2020/12/09 1:15 a.m.1 views

DEBIAN-CVE-2020-26970

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird...

8.8CVSS8AI score0.01222EPSS
Exploits0References1
OSV
OSV
added 2020/12/09 1:15 a.m.4 views

CVE-2020-26970

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird...

8.8CVSS8.5AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2020/12/09 1:15 a.m.22 views

CVE-2020-26970

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird...

9.3CVSS7.1AI score0.01222EPSS
Exploits0References5
OSV
OSV
added 2020/12/09 1:15 a.m.3 views

UBUNTU-CVE-2020-26970

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird...

8.8CVSS5.7AI score0.01222EPSS
Exploits0References6
NCSC
NCSC
added 2020/12/03 12:0 a.m.4 views

Vulnerability fixed in Thunderbird

When reading status codes from the SMTP server, Thunderbird an integer to a position on the stack that is is intended to contain only one byte. Depending on the processor architecture and the stack layout, this leads to corruption of the stack that could potentially be abused. Mozilla has release...

9.3CVSS6.7AI score0.01222EPSS
Exploits0
OSV
OSV
added 2020/08/26 12:0 a.m.4 views

UBUNTU-CVE-2020-15666

When trying to load a non-video in an audio/video context the exact status code 200, 302, 404, 500, 412, 403, etc. was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status ...

6.5CVSS7.3AI score0.01234EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2020/05/15 9:43 a.m.63 views

HTTP Status Codes Command This Malware How to Control Hacked Systems

A new version of COMpfun remote access trojan RAT has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence"...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/05/15 9:43 a.m.10 views

HTTP Status Codes Command This Malware How to Control Hacked Systems

A new version of COMpfun remote access trojan RAT has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence"...

5.8AI score
Exploits0
Securelist
Securelist
added 2020/05/14 10:0 a.m.74 views

COMpfun authors spoof visa application with HTTP status-based Trojan

You may remember that in autumn 2019 we published a story about how a COMpfun successor known as Reductor infected files on the fly to compromise TLS traffic. If you're wondering whether the actor behind the malware is still developing new features, the answer is yes. Later in November 2019 our...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2019/10/18 9:30 p.m.163 views

Rbuster - Yet Another Dirbuster

yet another dirbuster Common Command line options -a - specify a user agent string to send in the request -c - use this to specify any cookies that you might need simulating auth. header. -f - force processing of a domain with wildcard results. -l - show the length of the response. -r - follow...

7.5AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/07/16 1:49 p.m.4 views

keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution

Heap-based buffer overflow vulnerability in extractstatuscode function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary...

9.8CVSS6.4AI score0.03746EPSS
Exploits0References4
Kitploit
Kitploit
added 2019/06/14 1:9 p.m.168 views

Rustbuster - DirBuster For Rust

DirBuster for Rust. Usage There are three modules currently implemented: 1. Dirbuster default rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php 2. Dnsbuster rustbuster -m dns -u google.com -w examples/wordlist 3. Vhostbuster rustbuster -m vhost -u http://localhost:3000/ -w...

7.3AI score
Exploits0References1
OSV
OSV
added 2019/05/28 12:38 p.m.5 views

USN-3995-1 keepalived vulnerability

It was discovered that Keepalived incorrectly handled certain HTTP status response codes. A remote attacker could use this issue to cause Keepalived to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS7.2AI score0.03746EPSS
Exploits0References2
Kitploit
Kitploit
added 2019/05/13 9:10 p.m.142 views

Horn3t - Powerful Visual Subdomain Enumeration At The Click Of A Mouse

Horn3t is your Nr 1 tool for exploring subdomains visually. Building on the great Sublist3r framework or extensible with your favorite one it searches for subdomains and generates awesome picture previews. Get a fast overview of your target with http status codes, add custom found subdomains and...

7.3AI score
Exploits0References5
NVD
NVD
added 2019/01/09 7:29 p.m.18 views

CVE-2018-20068

Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page...

4.3CVSS3.7AI score0.00471EPSS
Exploits0References2
Rows per page
Query Builder