Lucene search
K

2763 matches found

RedHat Linux
RedHat Linux
added 2018/01/03 10:20 a.m.2 views

undertow: improper whitespace parsing leading to potential HTTP request smuggling

It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling...

7.5CVSS7.4AI score0.01858EPSS
Exploits0References4
CNVD
CNVD
added 2017/12/18 12:0 a.m.3 views

Rapid7 Nexpose Cross-Site Request Forgery Vulnerability

Rapid7 Nexpose is a suite of vulnerability management software from Rapid7 USA that can synthesize different scans to deeply probe a network. The software proactively scans configuration environments for errors, vulnerabilities, malware and provides guidance to reduce risk. A security vulnerabili...

8.8CVSS6.8AI score0.02746EPSS
Exploits4References1
CNVD
CNVD
added 2017/12/15 12:0 a.m.6 views

Embedthis GoAhead Web Server Remote Command Execution Vulnerability

Embedthis GoAhead is an embedded Web server from Embedthis Software. A remote command execution vulnerability exists in Embedthis GoAhead Web Server versions prior to 3.6.5 due to the use of HTTP request parameters when the server initializes the CGI. A remote attacker could exploit this...

8.1CVSS7.7AI score0.96327EPSS
Exploits15References1
RedHat Linux
RedHat Linux
added 2017/12/13 5:57 p.m.2 views

undertow: improper whitespace parsing leading to potential HTTP request smuggling

It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling...

7.5CVSS7.4AI score0.01858EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/12/13 5:57 p.m.2 views

undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)

It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...

6.5CVSS7.2AI score0.02712EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2017/12/12 9:29 p.m.2 views

CVE-2017-11932

Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access OWA validates web requests, aka "Microsoft Exchange Spoofing Vulnerability"...

8.1CVSS5.5AI score0.05884EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.46 views

Security Update for Microsoft SharePoint Server 2016 (December 2017)

The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a...

8.8CVSS8AI score0.04194EPSS
Exploits0References2
OSV
OSV
added 2017/11/24 7:29 a.m.5 views

CVE-2017-16936

Directory Traversal vulnerability in appdatacenter on Shenzhen Tenda Ac9 USAC9V1.0BRV15.03.05.14multiTD01, Ac9 ac9kfV15.03.05.196318cn, Ac15 USAC15V1.0BRV15.03.05.18multiTD01, Ac15 USAC15V1.0BRV15.03.05.19multiTD01, Ac18 USAC18V1.0BRV15.03.05.05multiTD01, and Ac18 ac18kfV15.03.05.196318cn devices...

6.5CVSS6AI score0.01034EPSS
Exploits0References1
Prion
Prion
added 2017/11/22 8:29 a.m.13 views

Information disclosure

Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request...

5CVSS6.2AI score0.00866EPSS
Exploits0References1
NVD
NVD
added 2017/11/22 8:29 a.m.17 views

CVE-2017-8860

Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request...

6.5CVSS6.2AI score0.00866EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/21 12:0 a.m.2 views

Cisco Registered Envelope Service Cross-Site Scripting Vulnerability

Cisco Registered Envelope Service is a set of mail service solutions from Cisco USA. The product includes read receipts for mail, mail recycling, mail forwarding and reply functions, and provides smartphone support. A cross-site scripting vulnerability exists in Cisco Registered Envelope Service,...

6.1CVSS6.6AI score0.00868EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/11/15 10:19 a.m.22 views

CVE-2017-11883

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability"...

7.5CVSS4AI score0.08526EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2017/11/15 3:29 a.m.2 views

CVE-2017-11883

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability"...

7.5CVSS5.5AI score0.08526EPSS
Exploits0References4
CNVD
CNVD
added 2017/11/15 12:0 a.m.3 views

Foscam IP Video Camera Information Disclosure Vulnerability

Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. An information disclosure vulnerability exists in the Foscam C1 Indoor HD Camera. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to retrieve sensitive information...

7.5CVSS6.3AI score0.01778EPSS
Exploits2References1
CNVD
CNVD
added 2017/11/15 12:0 a.m.3 views

Foscam IP Video Camera Buffer Overflow Vulnerability

Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A buffer overflow vulnerability exists in the Multi-Camera interface in the Foscam C1 Indoor HD Camera. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to port 10000 to overwrite...

9.1CVSS7.4AI score0.01428EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2017/11/13 5:35 p.m.6 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

9.8CVSS7.3AI score0.19953EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2017/11/13 5:35 p.m.4 views

httpd: ap_find_token() buffer overread

A buffer over-read flaw was found in the httpd's apfindtoken function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request...

7.5CVSS7.5AI score0.57472EPSS
Exploits1References6
OSV
OSV
added 2017/11/07 4:29 p.m.3 views

CVE-2017-2916

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability...

8.8CVSS5.8AI score0.02251EPSS
Exploits2References1
OSV
OSV
added 2017/11/07 4:29 p.m.4 views

CVE-2017-2866

An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability...

8.8CVSS5.8AI score0.0308EPSS
Exploits2References1
CNVD
CNVD
added 2017/11/02 12:0 a.m.2 views

Circle with Disney Command Injection Vulnerability (CNVD-2017-32884)

Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A command injection vulnerability exists in the /api/CONFIG/backup function in Circle with Disney. The vulnerability can be exploited to...

9.9CVSS9.4AI score0.0308EPSS
Exploits2References1
Rows per page
Query Builder