CVE-1999-0744
Buffer overflow in Netscape Enterprise Server and FastTrack Server allows remote attackers to gain p
Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedl
Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null v
Small HTTP Server 2.01 allows remote attackers to cause a denial of service by connecting to the ser
The default configuration for PostACI webmail system installs the /includes/global.inc configuration
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP req
24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings s
RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a
RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a d
IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and pos
Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitr
Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service
Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow r
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series
mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remot
MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (applicati
The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive
Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to exe
Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitra
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microso
The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remo
Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_g
Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for W
Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to c
Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows
Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when regist
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Ap
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTT
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, w
Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when
Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x
SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to ex
Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 do not properly prevent access to danger
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attack
Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set thr
WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versio
The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remot
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.
The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connec
The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in
The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devic
The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP addre
The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administr
Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated u
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functiona
The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attac
CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whit
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0
IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read a
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x befor
Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code o
Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP reques
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Fram
A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by t
AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95
The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WI
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HT
Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12
CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with
The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the
The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 a
Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016
In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by
A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticat
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute a
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS
Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to ex
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delet
Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arb
An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service wit
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers t
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via
An issue was discovered on August Connect devices. Insecure data transfer between the August app and
An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webro
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demon
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and pass
Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remo
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attac
Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to obtai
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitra
When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the fo
In x/text in Go 1.15.4, an 'index out of range' panic occurs in language.ParseAcceptLanguage while p
In x/text in Go before v0.3.5, a 'slice bounds out of range' panic occurs in language.ParseAcceptLan
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly i
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by imp
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privile
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by im
A vulnerability in the SonicWall SMA100 appliance allows an authenticated management-user to perform OS c
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software an
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote aut
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenti
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to inc
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can le
All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordin
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software an
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in H
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 a
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a r
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communi
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacke
aEnrich’s a+HRD has inadequate filtering for a specific URL parameter. An unauthenticated remote attac
An improper neutralization of special elements used in an os command ('os command injection') in Fort
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerabili
perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request head
M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrativ