14 matches found
EUVD-2002-1944
Malware in sbrugna...
EUVD-2006-1016
Malware in sbrugna...
PT-2024-14961 · Forcepoint · Forcepoint Web Security
Name of the Vulnerable Software and Affected Versions: Forcepoint Web Security versions prior to 8.5.6 Description: The Forcepoint Web Security portal allows administrators to generate detailed reports on user requests made through the Web proxy. It has been determined that the user agent field i...
CVE-2024-42815
In the TP-Link RE365 V1180213, there is a buffer overflow vulnerability due to the lack of length verification for the USERAGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands...
HTTP User Agent Remote Code Execution
HTTP headers let the client and the server pass arbitrary information with an HTTP request User Agent field. A remote attacker may use the User Agent header to run arbitrary code on an affected target...
CVE-2022-24573
A stored cross-site scripting XSS vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field...
CVE-2022-24573
A stored cross-site scripting XSS vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field...
CVE-2020-11036 XSS in GLPI
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content "alert1" reproduces the attack. This can be exploited by a user with administrator privileges i...
glpi -- multiple related stored XSS vulnerabilities
MITRE Corporation reports: In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content "alert1" reproduces the attack. This can be exploited by a user with...
DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS
No description provided by source. / DotDefender = 3.8-5 No Authentication Remote Code Execution Through XSS Tested on DotDefender 3.8-5 On Ubuntu Server 9.10 64-bit with Firefox 3.6.3 Paul Hand aka rAWjAW AT offsec.com Original Post-Authentication Remote Command Execution Vulnerability:...
dotDefender 3.8-5 - Remote Code Execution (via Cross-Site Scripting)
dotDefender 3.8-5 - Remote Code Execution via Cross-Site Scripting / DotDefender = 3.8-5 No Authentication Remote Code Execution Through XSS Tested on DotDefender 3.8-5 On Ubuntu Server 9.10 64-bit with Firefox 3.6.3 Paul Hand aka rAWjAW AT offsec.com Original Post-Authentication Remote Command...
CVE-2006-1012
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment...
Darwin Streaming Server denial-of-service vulnerability
An attacker can cause an assertion to trigger by sending a long User-Agent field in a request...