Lucene search
K

76 matches found

Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.26 views

Amazon Linux 2 : curl (ALAS-2018-951)

HTTP authentication leak in redirects libcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

9.8CVSS6.9AI score0.08031EPSS
Exploits0References3
Openbugbounty
Openbugbounty
added 2018/02/18 9:56 a.m.10 views

heavyhaulertrailers.com XSS vulnerability

Open Bug Bounty ID: OBB-562841 Description| Value ---|--- Affected Website:| heavyhaulertrailers.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
OSV
OSV
added 2018/02/06 6:25 a.m.11 views

MGASA-2018-0110 Updated curl packages fix security vulnerability

It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. When accessed, the data is read out of bounds and causes either a crash or that the too large data gets passed to the libcurl callback. This might lead to a...

9.1CVSS8.7AI score0.04556EPSS
Exploits0References4
CNVD
CNVD
added 2018/01/25 12:0 a.m.2 views

Haxx libcurl out-of-bounds read vulnerability

Haxx libcurl is a free , open source client-side URL transport library from the Swedish company Haxx. The library supports FTP, FTPS, TFTP, HTTP and so on. A security vulnerability exists in code handling HTTP/2 trailers in Haxx libcurl versions 7.49.0 through 7.57.0. An attacker can exploit this...

9.1CVSS6.9AI score0.04556EPSS
Exploits0References1
OSV
OSV
added 2018/01/24 10:29 p.m.1 views

DEBIAN-CVE-2018-1000005

libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported https://github.com/curl/curl/pull/2231 that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the...

9.1CVSS6.5AI score0.04556EPSS
Exploits0References1
OSV
OSV
added 2018/01/24 10:29 p.m.3 views

ALPINE-CVE-2018-1000005

libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported https://github.com/curl/curl/pull/2231 that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the...

9.1CVSS6.5AI score0.04556EPSS
Exploits0References1
curl security advisories
curl security advisories
added 2018/01/24 8:0 a.m.8 views

HTTP/2 trailer out-of-bounds read

libcurl contains an out bounds read in code handling HTTP/2 trailers. It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once...

9.1CVSS8.2AI score0.04556EPSS
Exploits0Affected Software2
OSV
OSV
added 2018/01/24 12:0 a.m.1 views

UBUNTU-CVE-2018-1000005

libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported https://github.com/curl/curl/pull/2231 that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the...

9.1CVSS7.3AI score0.04556EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2015/03/10 2:49 p.m.66 views

USN-2523-1: Apache HTTP Server vulnerabilities

Martin Holst Swende discovered that the modheaders module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. CVE-2013-5704 Mark Montague discovered that the modcache module incorrectly handl...

5CVSS6.6AI score0.60205EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2015/02/02 12:0 a.m.45 views

FreeBSD : apache24 -- several vulnerabilities (5804b9d4-a959-11e4-9363-20cf30e32f6d)

Apache HTTP SERVER PROJECT reports : modproxyfcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. modcache: Avoid a crash when Content-Type has an empty value. PR 56924. modlua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple...

5CVSS6.7AI score0.60205EPSS
Exploits2References5
FreeBSD
FreeBSD
added 2015/01/29 12:0 a.m.45 views

apache24 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: modproxyfcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. modcache: Avoid a crash when Content-Type has an empty value. PR 56924. modlua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Requi...

5CVSS6.6AI score0.60205EPSS
Exploits2
Apache Httpd
Apache Httpd
added 2013/09/06 12:0 a.m.144 views

Apache Httpd < 2.4.12 : HTTP Trailers processing bypass

HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. This fix adds the "MergeTrailers" directive to restore legacy behavior...

5CVSS2.6AI score0.60205EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
added 2013/09/06 12:0 a.m.164 views

Apache Httpd < 2.2.29 : HTTP Trailers processing bypass

HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. This fix adds the "MergeTrailers" directive to restore legacy behavior...

5CVSS2.6AI score0.60205EPSS
Exploits2Affected Software1
0day.today
0day.today
added 2012/06/29 12:0 a.m.49 views

Andy Cameron WebSystems SQL Injection Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2010/06/19 12:0 a.m.20 views

Joomla JC - Top 25 Movie Trailers Cross Site Scripting

=========================================================== JC - Top 25 Movie Trailers module XSS Vulnerability =========================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/...

0.2AI score
Exploits0
0day.today
0day.today
added 2010/06/18 12:0 a.m.20 views

JC - Top 25 Movie Trailers module XSS Vulnerability

Exploit for php platform in category web applications =================================================== JC - Top 25 Movie Trailers module XSS Vulnerability =================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'...

7.1AI score
Exploits0
Rows per page
Query Builder