an-http vulnerabilities and exploits
7.5
CVSSv2
CVE-2002-1546
BRS WebWeaver Web Server 1.01 allows remote malicious users to bypass password protections for files and directories via an HTTP request containing a "/./" sequence.
Brs Webweaver 1.0.1
7.5
CVSSv2
CVE-2001-1048
AWOL PHP script allows remote malicious users to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Topher1kenobe Awol 1.2.1
Topher1kenobe Awol 2.01
Topher1kenobe Awol 2.1
Topher1kenobe Awol 1.0
Topher1kenobe Awol 1.0.1
Topher1kenobe Awol 1.2
Topher1kenobe Awol 2.0
7.5
CVSSv2
CVE-2001-1052
Empris PHP script allows remote malicious users to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Emergenices Personnel Information System Empris 0.4
Emergenices Personnel Information System Empris 2001-08-10
Emergenices Personnel Information System Empris 2001-09-08
7.5
CVSSv2
CVE-2001-1054
PHPAdsNew PHP script allows remote malicious users to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Phpadsnew Phpadsnew 2.0 Beta5
5
CVSSv2
CVE-2001-1296
More.groupware PHP script allows remote malicious users to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Marc Logemann More.groupware 0.5.1
4.6
CVSSv2
CVE-2005-1708
templates.admin.users.user_form_processing in Blue Coat Reporter prior to 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true.
Bluecoat Reporter
1 EDB exploit
6.4
CVSSv2
CVE-2003-0312
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote malicious users to read arbitrary files via a .. (dot dot) in an HTTP request.
Snowblind.net Snowblind Web Server 1.0
1 EDB exploit
NA
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and previous versions do not require POST requests for an HTTP endpoint, allowing malicious users to reindex the database.
Jenkins Lucene-search
NA
CVE-2022-39166
IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. IBM X-Force ID: 235405.
Ibm Security Guardium 11.4
7.5
CVSSv2
CVE-2020-8427
In Unitrends Backup prior to 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass.
Unitrends Backup