2763 matches found
undertow: improper whitespace parsing leading to potential HTTP request smuggling
It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling...
Rapid7 Nexpose Cross-Site Request Forgery Vulnerability
Rapid7 Nexpose is a suite of vulnerability management software from Rapid7 USA that can synthesize different scans to deeply probe a network. The software proactively scans configuration environments for errors, vulnerabilities, malware and provides guidance to reduce risk. A security vulnerabili...
Embedthis GoAhead Web Server Remote Command Execution Vulnerability
Embedthis GoAhead is an embedded Web server from Embedthis Software. A remote command execution vulnerability exists in Embedthis GoAhead Web Server versions prior to 3.6.5 due to the use of HTTP request parameters when the server initializes the CGI. A remote attacker could exploit this...
undertow: improper whitespace parsing leading to potential HTTP request smuggling
It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling...
undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)
It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...
CVE-2017-11932
Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access OWA validates web requests, aka "Microsoft Exchange Spoofing Vulnerability"...
Security Update for Microsoft SharePoint Server 2016 (December 2017)
The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a...
CVE-2017-16936
Directory Traversal vulnerability in appdatacenter on Shenzhen Tenda Ac9 USAC9V1.0BRV15.03.05.14multiTD01, Ac9 ac9kfV15.03.05.196318cn, Ac15 USAC15V1.0BRV15.03.05.18multiTD01, Ac15 USAC15V1.0BRV15.03.05.19multiTD01, Ac18 USAC18V1.0BRV15.03.05.05multiTD01, and Ac18 ac18kfV15.03.05.196318cn devices...
Information disclosure
Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request...
CVE-2017-8860
Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request...
Cisco Registered Envelope Service Cross-Site Scripting Vulnerability
Cisco Registered Envelope Service is a set of mail service solutions from Cisco USA. The product includes read receipts for mail, mail recycling, mail forwarding and reply functions, and provides smartphone support. A cross-site scripting vulnerability exists in Cisco Registered Envelope Service,...
CVE-2017-11883
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability"...
CVE-2017-11883
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability"...
Foscam IP Video Camera Information Disclosure Vulnerability
Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. An information disclosure vulnerability exists in the Foscam C1 Indoor HD Camera. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to retrieve sensitive information...
Foscam IP Video Camera Buffer Overflow Vulnerability
Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A buffer overflow vulnerability exists in the Multi-Camera interface in the Foscam C1 Indoor HD Camera. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to port 10000 to overwrite...
httpd: mod_ssl NULL pointer dereference
A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...
httpd: ap_find_token() buffer overread
A buffer over-read flaw was found in the httpd's apfindtoken function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request...
CVE-2017-2916
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2017-2866
An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability...
Circle with Disney Command Injection Vulnerability (CNVD-2017-32884)
Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A command injection vulnerability exists in the /api/CONFIG/backup function in Circle with Disney. The vulnerability can be exploited to...