20 matches found
CVE-2026-8359 Gladinet Triofox WOSHttpStatusModule.dll NULL Function Pointer Call DoS
When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not prese...
EUVD-2009-0001
Malware in sbrugna...
EUVD-2025-32094
Malicious code in bioql PyPI...
CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
Liferay Portal exposes 500 status when attempting login with a deleted client secret
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.19 exposes "Internal Server Error" in the response body when a...
Cross-site Scripting (XSS)
Buildbot is vulnerable to a cross-site scripting XSS. The vulnerability is due to improper santization within the waterfall web status view status/web/waterfall.py, enabling remote attackers to inject arbitrary web script or HTML...
Buildbot Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in the waterfall web status view status/web/waterfall.py in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
jonfinley Monitorr 安全漏洞
jonfinley Monitorr is a jonfinley open source application. Used for webfront will display the status of any Web application or service in real time. monitorr version 1.7.6m has an authorization bypass vulnerability, which can be exploited by attackers to create valid credentials...
jetty: double release of resource can lead to information disclosure
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
UBUNTU-CVE-2020-15666
When trying to load a non-video in an audio/video context the exact status code 200, 302, 404, 500, 412, 403, etc. was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status ...
USN-3995-1 keepalived vulnerability
It was discovered that Keepalived incorrectly handled certain HTTP status response codes. A remote attacker could use this issue to cause Keepalived to crash, resulting in a denial of service, or possibly execute arbitrary code...
keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution
Heap-based buffer overflow vulnerability in extractstatuscode function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary...
DEBIAN-CVE-2018-19115
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extractstatuscode in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap...
UBUNTU-CVE-2018-19115
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extractstatuscode in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap...
CVE-2016-1383
Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service memory consumption via an unspecified HTTP status code, aka Bug ID CSCur28305...
Xymon HTML Injection Vulnerability
Xymon is an open source , cross-platform network monitoring application . The application can be viewed through the web page of the operational status of each server , and supports Email and SMS notification function . There is an HTML injection vulnerability in Xymon. This vulnerability can be...
CVE-2009-2959
Cross-site scripting XSS vulnerability in the waterfall web status view status/web/waterfall.py in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the waterfall web status view status/web/waterfall.py in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
PYSEC-2009-1
Cross-site scripting XSS vulnerability in the waterfall web status view status/web/waterfall.py in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-2959
Cross-site scripting XSS vulnerability in the waterfall web status view status/web/waterfall.py in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...