Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
request tracker vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-37150
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an malicious user to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
Apache Traffic Server
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
605
VMScore
CVE-2014-9407
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver prior to 3.0.5 allow remote malicious users to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-de...
Revive-adserver Revive Adserver
NA
CVE-2022-32215
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
Nodejs Node.js
Llhttp Llhttp
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Siemens Sinec Ins 1.0
Debian Debian Linux 11.0
Stormshield Stormshield Management Center
534
VMScore
CVE-2013-3369
Request Tracker (RT) 3.8.x prior to 3.8.17 and 4.0.x prior to 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.3
Bestpractical Rt 3.8.15
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.5
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.12
Bestpractical Rt 3.8.16
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.9
Bestpractical Rt 4.0.11
Bestpractical Rt 4.0.3
578
VMScore
CVE-2020-11100
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 up to and including 2.x prior to 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
Haproxy Haproxy
Debian Debian Linux 10.0
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Opensuse Leap 15.1
NA
CVE-2022-32214
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
Llhttp Llhttp
Nodejs Node.js
Debian Debian Linux 11.0
Stormshield Stormshield Management Center
505
VMScore
CVE-2004-2029
The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and previous versions allows remote malicious users to cause a denial of service (crash) via a Basic Authorization HTTP request with a "A==" value.
Trevor Hogan Bnbt 7.5 Beta Release2
1 EDB exploit
294
VMScore
CVE-2013-3368
bin/rt in Request Tracker (RT) 3.8.x prior to 3.8.17 and 4.0.x prior to 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.9
Bestpractical Rt 4.0.11
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.4
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.10
Bestpractical Rt 4.0.5
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.0
383
VMScore
CVE-2013-3371
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 up to and including 3.8.16 and 4.0.x prior to 4.0.13 allows remote malicious users to inject arbitrary web script or HTML via the filename of an attachment.
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.3
Bestpractical Rt 3.8.15
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.5
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.12
Bestpractical Rt 3.8.16
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.9
Bestpractical Rt 4.0.11
Bestpractical Rt 4.0.3
383
VMScore
CVE-2013-3372
Request Tracker (RT) 3.8.x prior to 3.8.17 and 4.0.x prior to 4.0.13 allows remote malicious users to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.9
Bestpractical Rt 4.0.11
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.4
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.10
Bestpractical Rt 4.0.5
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »