4 matches found
CVE-2024-13291 Basic HTTP Authentication - Critical - Access bypass - SA-CONTRIB-2024-057
Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4...
PT-2019-18409 · Avaya · Avaya Control Manager
Name of the Vulnerable Software and Affected Versions: Avaya Control Manager versions 7.x and 8.0.x prior to 8.0.4.0 Description: A SQL injection issue in the reporting component could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other...
CVE-2018-2644
Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications subcomponent: Worklist. Supported versions that are affected are 7.x, 8.0.x and 8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus...
tomcat: Limited DoS in chunked transfer encoding input filter
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data...