3083 matches found
CVE-2017-18047
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply...
CVE-2018-2671
Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products subcomponent: Supplier Registration. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSo...
CVE-2018-2683
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications subcomponent: POS. Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitalit...
CVE-2018-2660
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications subcomponent: Core. Supported versions that are affected are 7.3.5.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2017-10301
Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products subcomponent: Enterprise Portal. The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
TRENDnet TEW-823DRU Device Elevation of Privilege Vulnerability
The TRENDnet TEW-823DRU devices is a dual-band wireless router device from TRENDnet. A security vulnerability exists in TRENDnet TEW-823DRU devices using firmware versions prior to 1.00b36, where a hard-coded password is used for the root account. A remote attacker can exploit the vulnerability t...
PT-2018-2503 · Live555 +2 · Live555 Rtsp Server Library +2
Name of the Vulnerable Software and Affected Versions: LIVE555 RTSP server library version 0.92 Description: The issue is related to a buffer overflow error in the HTTP packet parser implementation of the LIVE555 RTSP server library. This can be exploited by a remote attacker using a specially...
httpd: mod_ssl NULL pointer dereference
A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...
undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...
OpenJDK: newline injection in the FTP client (Networking, 8170222)
A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application...
OpenJDK: newline injection in the SMTP client (Networking, 8171533)
A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...
OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)
It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...
OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)
It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...
Cisco Data Center Network Manager Software HTTP Injection Vulnerability
Cisco Data Center Network Manager DCNM Software is a data center management system from Cisco USA. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. An HTTP injection vulnerability exists in the web interface in Cisco...
Haxx curl and libcurl denial of service vulnerabilities
Haxx curl and libcurl are both products of the Swedish company Haxx. curl is a set of file transfer tools that utilize URL syntax to work at the command line. libcurl is a free, open source client-side URL transfer library. A denial of service vulnerability exists in the FTP wildcard function in...
UBUNTU-CVE-2017-8817
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibly have unspecified other impact via a string that ends with an '' character...
DEBIAN-CVE-2017-16944
The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service infinite loop and stack exhaustion via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the...
CVE-2017-16566
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication such as passwd and shadow. This can be abused to take full root level control of the device...
CVE-2017-12083
An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the...
DEBIAN-CVE-2017-2891
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request...