121 docs tagged with "HTTP_Protocol"

CVE-1999-0744

Buffer overflow in Netscape Enterprise Server and FastTrack Server allows remote attackers to gain p

CVE-2000-0897

Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedl

CVE-2000-0898

Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null v

CVE-2000-0899

Small HTTP Server 2.01 allows remote attackers to cause a denial of service by connecting to the ser

CVE-2000-1100

The default configuration for PostACI webmail system installs the /includes/global.inc configuration

CVE-2000-1114

Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP req

CVE-2000-1118

24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings s

CVE-2000-1154

RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a

CVE-2000-1155

RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a d

CVE-2000-1168

IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and pos

CVE-2000-1170

Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitr

CVE-2002-1596

Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service

CVE-2003-0963

Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow r

CVE-2003-1001

Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series

CVE-2004-1101

mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a

CVE-2004-1133

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remot

CVE-2004-1169

MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (applicati

CVE-2004-1223

The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive

CVE-2004-1303

Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to exe

CVE-2004-1784

Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitra

CVE-2007-0047

CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microso

CVE-2007-0086

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remo

CVE-2007-0098

Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_g

CVE-2007-0105

Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for W

CVE-2007-0120

Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to c

CVE-2007-0124

Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows

CVE-2007-0173

Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when regist

CVE-2007-6018

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0

CVE-2007-6388

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6

CVE-2007-6420

Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Ap

CVE-2007-6421

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTT

CVE-2007-6422

The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, w

CVE-2007-6423

Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when

CVE-2007-6612

Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x

CVE-2007-6622

SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to ex

CVE-2007-6640

Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 do not properly prevent access to danger

CVE-2008-0202

CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attack

CVE-2008-0210

Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set thr

CVE-2008-5810

WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versio

CVE-2008-5848

The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remot

CVE-2009-0113

Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.

CVE-2010-0214

The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connec

CVE-2010-4539

The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in

CVE-2010-4690

The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devic

CVE-2011-0398

The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP addre

CVE-2011-0423

The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administr

CVE-2011-4643

Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated u

CVE-2011-4644

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functiona

CVE-2011-5058

The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attac

CVE-2012-0310

CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier

CVE-2012-0392

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whit

CVE-2012-4545

The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0

CVE-2012-5769

IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read a

CVE-2012-5976

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x befor

CVE-2012-6468

Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code o

CVE-2012-6471

Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP reques

CVE-2013-0005

The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Fram

CVE-2013-10006

A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by t

CVE-2013-5657

AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request

CVE-2013-6955

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3

CVE-2013-7277

Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95

CVE-2013-7282

The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WI

CVE-2014-0048

An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HT

CVE-2014-0618

Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12

CVE-2014-1406

CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with

CVE-2014-1408

The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the

CVE-2014-6199

The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 a

CVE-2014-9453

Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor

CVE-2016-4642

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016

CVE-2016-4644

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016

CVE-2017-2411

In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by

CVE-2018-0282

A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticat

CVE-2018-0628

Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute a

CVE-2018-0629

Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS

CVE-2018-0632

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to ex

CVE-2018-0703

Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delet

CVE-2018-0705

Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arb

CVE-2018-15490

An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service wit

CVE-2018-16181

HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers t

CVE-2018-18244

Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to

CVE-2018-19861

Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via

CVE-2018-19862

Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via

CVE-2018-20100

An issue was discovered on August Connect devices. Insecure data transfer between the August app and

CVE-2018-4012

An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webro

CVE-2018-8827

The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2

CVE-2019-20372

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demon

CVE-2019-3500

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and pass

CVE-2019-3581

Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remo

CVE-2019-5489

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attac

CVE-2019-5990

Access analysis CGI An-Analyzer released on 2019 June 24 and earlier allows remote attackers to obtai

CVE-2020-17518

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitra

CVE-2020-26976

When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the fo

CVE-2020-28851

In x/text in Go 1.15.4, an 'index out of range' panic occurs in language.ParseAcceptLanguage while p

CVE-2020-28852

In x/text in Go before v0.3.5, a 'slice bounds out of range' panic occurs in language.ParseAcceptLan

CVE-2020-35391

Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly i

CVE-2020-4893

IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information

CVE-2020-4896

IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by imp

CVE-2020-4913

IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privile

CVE-2020-5019

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by im

CVE-2020-5146

A vulnerability in SonicWall SMA100 appliance allows an authenticated management-user to perform OS c

CVE-2020-5846

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30

CVE-2020-7336

Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7

CVE-2021-1573

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software an

CVE-2021-20046

A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote aut

CVE-2021-20048

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenti

CVE-2021-21234

spring-boot-actuator-logview is a library that adds a simple logfile viewer as spring boot actuator

CVE-2021-21445

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to inc

CVE-2021-21494

MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can le

CVE-2021-27738

All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordin

CVE-2021-34704

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software an

CVE-2021-38956

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in H

CVE-2021-43972

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 a

CVE-2021-43973

An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a r

CVE-2021-44716

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the

CVE-2022-21676

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communi

CVE-2022-22836

CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacke

CVE-2022-39039

aEnrich’s a+HRD has inadequate filtering for a specific URL parameter. An unauthenticated remote attac

CVE-2022-39947

An improper neutralization of special elements used in an os command ('os command injection') in Fort

CVE-2022-42471

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerabili

CVE-2022-45027

perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request head

CVE-2022-47634

M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrativ