an-http vulnerabilities and exploits
4
CVSSv2
CVE-2021-31920
Istio prior to 1.8.6 and 1.9.x prior to 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
Istio Istio
7.5
CVSSv2
CVE-2001-0871
Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote malicious users to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 up to and including 2.6.18, or (2) a DOS device name followed by a .. i...
Alchemy Lab Alchemy Eye 2.1
Alchemy Lab Alchemy Eye 2.2
Alchemy Lab Alchemy Eye 3.0
Alchemy Lab Alchemy Eye 3.0.10
Dek Software Alchemy Network Monitor
Alchemy Lab Alchemy Eye 2.3
Alchemy Lab Alchemy Eye 2.4
Alchemy Lab Alchemy Eye 2.5
Alchemy Lab Alchemy Eye 2.6
Alchemy Lab Alchemy Eye 2.0
Alchemy Lab Alchemy Eye 2.6.18
Alchemy Lab Alchemy Eye 2.6.19
5
CVSSv2
CVE-2004-1609
SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote malicious users to gain access.
Best Software Saleslogix
Saleslogix Corporation Saleslogix 2000.0
5
CVSSv2
CVE-2002-2240
Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remote malicious users to read arbitrary files via a ".." (dot dot) in an HTTP GET request.
Myserver Myserver 0.11
Myserver Myserver 0.2
5
CVSSv2
CVE-2005-0502
Directory traversal vulnerability in Xinkaa 1.0.3 and previous versions allows remote malicious users to read arbitrary files via (1) ../ and (2) ..\ characters in an HTTP request.
Xinkaa Web Station Xinkaa Web Station 1.0.3
5
CVSSv2
CVE-2002-1031
KeyFocus (KF) web server 1.0.2 allows remote malicious users to list directories and read restricted files via an HTTP request containing a %00 (null) character.
Key Focus Kf Web Server 1.0.2
1 EDB exploit
5
CVSSv2
CVE-2002-1035
Omnicron OmniHTTPd 2.09 allows remote malicious users to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP version number.
Omnicron Omnihttpd 2.09
7.5
CVSSv2
CVE-2000-1223
quikstore.cgi in Quikstore Shopping Cart allows remote malicious users to execute arbitrary commands via shell metacharacters in the URL portion of an HTTP GET request.
I-soft Quikstore
5
CVSSv2
CVE-2002-0784
Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote malicious users to list directories via an HTTP request with a ... (modified dot dot).
Lysias Lidik Webserver 0.7b
5
CVSSv2
CVE-2002-1928
602Pro LAN SUITE 2002 allows remote malicious users to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension.
Software602 602pro Lan Suite 2002