modsecurity vulnerabilities and exploits
383
VMScore
CVE-2012-2751
ModSecurity prior to 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote malicious users to bypass fil...
Trustwave Modsecurity
Opensuse Opensuse 12.3
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Oracle Http Server 11.1.1.6.0
668
VMScore
CVE-2013-1915
ModSecurity prior to 2.7.3 allows remote malicious users to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External ...
Trustwave Modsecurity
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Fedoraproject Fedora 19
Debian Debian Linux 6.0
Debian Debian Linux 7.0
NA
CVE-2023-38199
coreruleset (aka OWASP ModSecurity Core Rule Set) up to and including 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow malicious users to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and...
Owasp Coreruleset
890
VMScore
CVE-2016-10817
cPanel prior to 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
Cpanel Cpanel
490
VMScore
CVE-2016-10771
cPanel prior to 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165).
Cpanel Cpanel
668
VMScore
CVE-2004-1765
Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote malicious users to execute arbitrary code via crafted POST requests.
Mod Security Mod Security 1.7.4
NA
CVE-2023-40586
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious reques...
Coraza Coraza 3.0.0
685
VMScore
CVE-2007-1359
Interpretation conflict in ModSecurity (mod_security) 2.1.0 and previous versions allows remote malicious users to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is...
Mod Security Mod Security 1.7.4
Mod Security Mod Security 1.7.5
Mod Security Mod Security 1.7.1
Mod Security Mod Security 1.7.2
Mod Security Mod Security 1.9.4
Mod Security Mod Security 2.1
Mod Security Mod Security 1.7
1 EDB exploit