98 matches found
Security update for exim (critical)
openSUSE Security Update: Security update for exim Announcement ID: openSUSE-SU-2021:0754-1 Rating: critical References: 1079832 1171490 1171877 1173693 1185631 Cross-References: CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944 CVE-2018-6789 CVE-2019-16928 CVE-2020-12783 CVE-2020-28007 CVE-2020-280...
CVE-2021-26704
EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI...
CVE-2021-26704
EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI...
CVE-2021-26704
CVE-2021-26704 affects EPrints 3.4.2. A remote command-injection vulnerability exists in the CGI toolbox verb parameter, allowing an attacker to execute arbitrary commands on the affected system. Exploitation details indicate remote access over the network with low complexity and no user interact...
EPrints 安全漏洞
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. A remote code execution vulnerability exists in EPrints 3.4.2. A remote attacker can exploit this vulnerability by entering specially crafted data into the verb parameter in t...
CVE-2020-26273
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. In osquery before version 4.6.0, by using sqlite's ATTACH verb, someone with administrative access to osquery can cause reads and writes to arbitrary sqlite databases on disk. This does allow arbitrary...
CVE-2020-26273
Summary: CVE-2020-26273 affects osquery prior to 4.6.0. By abusing sqlite’s ATTACH verb, an administrator can read/write to arbitrary sqlite databases on disk, potentially creating new sqlite files. Existing non-sqlite files are not overwritten according to the sources. The vulnerability is mitig...
CVE-2020-4779
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156...
CVE-2020-4779
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156...
Security feature bypass
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156...
CVE-2020-4779
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156...
CVE-2020-4779
A HTTP Verb Tampering vulnerability (CVE-2020-4779) affects IBM Cúram Social Program Management 7.0.9 and 7.0.10, enabling an attacker to bypass security access controls by sending specially crafted requests. Root cause details are not fully enumerated in the provided documents, but the IBM advis...
Security Bulletin: A HTTP Verb Tampering vulnerability may impact IBM Cúram Social Program Management (CVE-2020-4779)
Summary A HTTP Verb Tampering vulnerability may impact IBM Cúram Social Program Management. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. Vulnerability Details CVEID: CVE-2020-4779 DESCRIPTION: A HTTP Verb Tampering...
Custom Header - Automatic Add New Header To Entire BurpSuite HTTP Requests
This Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite Scanner, Intruder, Repeater, Proxy History and also you can choose whatever HTTP VERB what do you want to customize. Usage Easy to use ! : Don't forget to click save button ! Changelog 24...
Buffer overflow
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP VERB sent by the user and uses a vulnerable...
Design/Logic Flaw
HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console CMC by changing request method...
CVE-2018-2483
HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console CMC by changing request method...
CVE-2018-2483
HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console CMC by changing request method...
CVE-2018-2483
HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console CMC by changing request method...
CVE-2018-2483
SAP BusinessObjects BI Platform CMC (versions 4.1 and 4.2) is affected by HTTP Verb Tampering caused by how request methods can be manipulated. Vulnerable component: Central Management Console. Reported impact includes bypassing security restrictions and tampering with HTTP verbs. No explicit exp...