Lucene search
K

2770 matches found

RedHat Linux
RedHat Linux
added 2007/10/19 3:58 p.m.5 views

security flaw

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF %0a bytes in the username attribute...

4.3CVSS5.9AI score0.12736EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/10/19 3:36 p.m.9 views

security flaw

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF %0a bytes in the username attribute...

4.3CVSS5.9AI score0.12736EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2006/11/08 3:46 p.m.3 views

Ruby CGI multipart parsing DoS

The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and...

5CVSS7.2AI score0.04071EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2005/09/27 11:53 a.m.5 views

security flaw

The ispathabsolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service CPU consumption by tight loop via a "...." URL in an HTTP request...

5CVSS5.9AI score0.02969EPSS
Exploits1References4
OSV
OSV
added 2005/09/13 10:3 p.m.2 views

DEBIAN-CVE-2005-2874

The ispathabsolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service CPU consumption by tight loop via a "...." URL in an HTTP request...

5CVSS6.8AI score0.02969EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2004/12/13 6:53 p.m.4 views

security flaw

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a certain HTTP request...

5CVSS7.2AI score0.01898EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2004/11/12 4:43 p.m.9 views

security flaw

Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service CPU consumption via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters...

5CVSS5.9AI score0.55105EPSS
Exploits7References4
exploitpack
exploitpack
added 2004/03/02 12:0 a.m.21 views

SureCom EP-9510AXEP-4504AX Network Device - Malformed Web Authorisation Request Denial of Service (2)

SureCom EP-9510AXEP-4504AX Network Device - Malformed Web Authorisation Request Denial of Service 2 // source: https://www.securityfocus.com/bid/9795/info An issue in the handling of specific web requests by SureCom network devices has been identified. By placing a malformed request to the web...

0.6AI score
Exploits0
OSV
OSV
added 2003/12/31 5:0 a.m.4 views

DEBIAN-CVE-2003-1083

Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request...

10CVSS8.4AI score0.21107EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2002/12/31 12:0 a.m.4 views

PT-2002-2538 · Atp · Atophttpd

Name of the Vulnerable Software and Affected Versions: ATPhttpd versions 0.4b and earlier Description: The issue is an off-by-one buffer overflow in the sock gets function in sockhelp.c, which allows remote attackers to execute arbitrary code via a long HTTP GET request. Recommendations: For...

9.8CVSS8.8AI score0.08953EPSS
Exploits1References8
Exploit DB
Exploit DB
added 2002/11/14 12:0 a.m.24 views

Perception LiteServe 2.0 - CGI Source Disclosure

source: https://www.securityfocus.com/bid/6188/info By constructing a malicious web request, it is possible for a remote attacker to disclose the source code of CGI scripts. Information gained through exploiting this issue may aid an attacker in launching further attacks against the target system...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2002/11/14 12:0 a.m.14 views

Perception LiteServe 2.0 - CGI Source Disclosure

Perception LiteServe 2.0 - CGI Source Disclosure source: https://www.securityfocus.com/bid/6188/info By constructing a malicious web request, it is possible for a remote attacker to disclose the source code of CGI scripts. Information gained through exploiting this issue may aid an attacker in...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2002/11/09 12:0 a.m.11 views

Mollensoft Software Enceladus Server Suite 2.6.13.9 - Directory Traversal

Mollensoft Software Enceladus Server Suite 2.6.13.9 - Directory Traversal source: https://www.securityfocus.com/bid/6338/info It has been reported that Enceladus fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2002/10/28 12:0 a.m.58 views

MailReader.com 2.3.x - 'NPH-MR.cgi' File Disclosure

source: https://www.securityfocus.com/bid/6055/info A vulnerability exists in Mailreader.com which may enable remote attackers to disclose the contents of arbitrary webserver readable files. An attacker may exploit this issue by submitting a malicious web request containing dot-dot-slash ../...

7.4AI score
Exploits0
NVD
NVD
added 2002/10/04 4:0 a.m.20 views

CVE-2002-1069

The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages 1 release.htm, 2 Device Status, or 3 Device Information...

5CVSS6.6AI score0.01878EPSS
Exploits0References6
exploitpack
exploitpack
added 2002/10/02 12:0 a.m.10 views

TightAuction 3.0 - Config.INC Information Disclosure

TightAuction 3.0 - Config.INC Information Disclosure source: https://www.securityfocus.com/bid/5850/info TightAuction is prone to an information disclosure vulnerability. The configuration file config.inc contains sensitive information such as database authentication credentials. It is possible f...

7.2AI score
Exploits0
exploitpack
exploitpack
added 2002/09/09 12:0 a.m.13 views

WoltLab Burning Board 2.0 - SQL Injection

WoltLab Burning Board 2.0 - SQL Injection source: https://www.securityfocus.com/bid/5675/info WoltLab is prone to SQL injection attacks. This is due to insufficient sanitization of parameters handled by the board.php script, which may be supplied externally via the query string in a web request...

Exploits0
exploitpack
exploitpack
added 2002/06/08 12:0 a.m.7 views

Seanox DevWex Windows Binary 1.2002.520 - File Disclosure

Seanox DevWex Windows Binary 1.2002.520 - File Disclosure source: https://www.securityfocus.com/bid/4978/info The Seanox DevWex Windows binary version is prone to an issue which may cause arbitrary web-readable files to be disclosed to remote attackers. This problem occurs because DevWex does not...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2002/04/25 12:0 a.m.43 views

PHProjekt 2.x/3.x - Authentication Bypass

source: https://www.securityfocus.com/bid/4596/info PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHPProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. Some of the...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2002/04/25 12:0 a.m.26 views

PHProjekt 2.x3.x - Authentication Bypass

PHProjekt 2.x3.x - Authentication Bypass source: https://www.securityfocus.com/bid/4596/info PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHPProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft...

0.2AI score
Exploits0
Rows per page
Query Builder