Vulmon
an-http vulnerabilities and exploits
5
CVSSv2
CVE-2020-28851
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
Golang Go 1.15.4
NA
CVE-2023-27569
The eo_tags package prior to 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header.
Prestashop Eo Tags
7.5
CVSSv2
CVE-2003-0317
iisPROTECT 2.1 and 2.2 allows remote malicious users to bypass authentication via an HTTP request containing URL-encoded characters.
Iisprotect Iisprotect 2.1
Iisprotect Iisprotect 2.2
1 EDB exploit
NA
CVE-2009-13573
Core Security Technologies Advisory - An HTTP Response Splitting vulnerability has been discovered in Sun Java System Delegated Administrator.
NA
CVE-2022-4130
A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.
Redhat Satellite 6.11
Redhat Satellite 6.9
Redhat Satellite 6.10
NA
CVE-2022-45027
perfSONAR prior to 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address.
Perfsonar Perfsonar
5
CVSSv2
CVE-2004-1590
Clientexec allows remote malicious users to gain sensitive information via an HTTP request to phpinfo.php, which calls the phpinfo function.
Clientexec Clientexec 2.2.1
5
CVSSv2
CVE-2004-2385
EMU Webmail 5.2.7 allows remote malicious users to obtain sensitive path information (home directory) via an HTTP request for init.emu.
Emumail Emu Webmail 5.2.7
1 EDB exploit
5
CVSSv2
CVE-2002-0433
Pi3Web 2.0.0 allows remote malicious users to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character.
Pi3 Pi3web 2.0.0
5
CVSSv2
CVE-2001-0391
Xitami 2.5d4 and previous versions allow remote malicious users to crash the server via an HTTP request to the /aux directory.
Imatix Xitami 2.4d7
Imatix Xitami 2.5d4