12 matches found
CVE-2026-33732 srvx is vulnerable to middleware bypass via absolute URI in request line
srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Starting in version 0.11.13, the...
Wordfence 5.2.4 - IPTraf.php URI Request Stored XSS
The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by an IPTraf.php URI Request Stored XSS security vulnerability...
PSCS VPOP3 2.0 Email Server Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10782/info VPOP3 is reported prone to a remote denial of service vulnerability. This issue presents itself when an attacker issues a URI request containing a large value for the 'msglistlen' parameter ...
Netgear RP114 3.26 Content Filter Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10404/info It is reported that users may bypass Netgear RP114 content filter functionality. This can be accomplished by making a URI request string that is over 220 bytes in length. This vulnerability may result in a fals...
VisNetic WebMail 5.8.6 .6 Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8018/info VisNetic WebMail is prone to an information disclosure vulnerability. Reportedly, by appending a dot '.' character to the end of a URI request to WebMail, the source code of PHP files may be returned in the web...
IBM WebSphere MQ 7.1 < 7.1.0.5 / 7.5 < 7.5.0.3 Multiple Vulnerabilities
The version of IBM WebSphere MQ server 7.1 / 7.5 installed on the remote Windows host is missing fix pack 7.1.0.5 / 7.5.0.3 or later. It is, therefore, affected by the following vulnerabilities: - An information disclosure vulnerability exists due to a failure to sanitize user-supplied input in...
Easy Address Book Web Server format string vulnerability
Format string vulnerability on URI request parsing...
KorWeblog 1.6.2 - Remote Directory Listing
source: https://www.securityfocus.com/bid/11744/info A vulnerability is reported in the KorWeblog software that may allow a remote user to disclose directory listings. The problem presents itself when a malicious user crafts a URI request containing directory traversal sequences. When properly...
PSCS VPOP3 2.0 - Email Server Remote Denial of Service
source: https://www.securityfocus.com/bid/10782/info VPOP3 is reported prone to a remote denial of service vulnerability. This issue presents itself when an attacker issues a URI request containing a large value for the 'msglistlen' parameter to the web mail interface. VPOP3...
Netgear RP114 3.26 - Content Filter Bypass
source: https://www.securityfocus.com/bid/10404/info It is reported that users may bypass Netgear RP114 content filter functionality. This can be accomplished by making a URI request string that is over 220 bytes in length. This vulnerability may result in a false sense of security for a network...
Apache stops writing access/error logs after processing "Request-URI" containing "0x1A" characters
Overview A vulnerability in the logging of URI requests may permit a remote attacker to disable logging on an Apache HTTP Server. Version 1.3.27 on Windows systems is reported vulnerable to this issue. Description Apache HTTP Server 1.3.27 running on Win32 systems contains a vulnerability that...
CVE-2001-0746
The CVE-2001-0746 issue is a buffer overflow in the Web Publisher component of iPlanet Web Server Enterprise Edition 4.1 and earlier. An attacker can trigger this by sending a long URI in requests for certain methods (notably GETPROPERTIES and GETATTRIBUTENAMES), potentially causing a denial of s...