Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
404 not found vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2002-0681
Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote malicious users to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.
Goahead Software Goahead Webserver 2.1.5
Goahead Software Goahead Webserver 2.1.3
Goahead Software Goahead Webserver 2.1.4
Goahead Software Goahead Webserver 2.1.1
Goahead Software Goahead Webserver 2.1.2
1 EDB exploit
685
VMScore
CVE-2003-0526
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote malicious users to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error ...
Microsoft Isa Server 2000
1 EDB exploit
685
VMScore
CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 prior to 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote malicious users to execute script as other web page visitors v...
Apache Http Server 2.0.42
Oracle Application Server 9.0.2.1
Apache Http Server 1.3.23
Oracle Oracle9i 9.0.1
Oracle Oracle9i 9.0.2
Oracle Oracle8i 8.1.7 .0.0 Enterprise
Oracle Database Server 8.1.7
Apache Http Server 2.0.35
Apache Http Server 2.0.37
Apache Http Server 1.3.1
Apache Http Server 1.3.25
Oracle Oracle9i 9.0
Apache Http Server 1.3.19
Oracle Database Server 9.2.1
Apache Http Server 2.0.39
Apache Http Server 1.3.24
Oracle Application Server 9.0.2
Apache Http Server 1.3.20
Apache Http Server 1.3.6
Apache Http Server 2.0.41
Oracle Oracle8i 8.1.7.1
Oracle Oracle8i 8.1.7
1 EDB exploit
668
VMScore
CVE-2017-7991
Exponent CMS 2.4.1 and previous versions has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
Exponentcms Exponent Cms
668
VMScore
CVE-2013-2873
Use-after-free vulnerability in Google Chrome prior to 28.0.1500.71 allows remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources.
Debian Debian Linux 7.0
Google Chrome 28.0.1500.68
Google Chrome 28.0.1500.26
Google Chrome 28.0.1500.31
Google Chrome 28.0.1500.0
Google Chrome 28.0.1500.33
Google Chrome 28.0.1500.29
Google Chrome 28.0.1500.25
Google Chrome 28.0.1500.66
Google Chrome 28.0.1500.41
Google Chrome 28.0.1500.12
Google Chrome 28.0.1500.13
Google Chrome 28.0.1500.62
Google Chrome 28.0.1500.20
Google Chrome 28.0.1500.39
Google Chrome 28.0.1500.60
Google Chrome 28.0.1500.15
Google Chrome 28.0.1500.59
Google Chrome 28.0.1500.23
Google Chrome 28.0.1500.45
Google Chrome 28.0.1500.43
Google Chrome 28.0.1500.40
668
VMScore
CVE-2002-0843
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache prior to 1.3.27, and Apache 2.x prior to 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
Oracle Application Server 9.0.2.1
Apache Http Server 1.3.23
Oracle Oracle8i 8.1.7.0.0 Enterprise
Oracle Database Server 8.1.7
Apache Http Server 1.3.1
Apache Http Server 1.3.25
Apache Http Server 1.3.19
Apache Http Server 1.3.24
Oracle Application Server 9.0.2
Apache Http Server 1.3.20
Apache Http Server 1.3.6
Oracle Oracle8i 8.1.7.1
Oracle Oracle8i 8.1.7
Apache Http Server 1.3.4
Apache Http Server 1.3.18
Oracle Application Server 1.0.2.1s
Apache Http Server 1.3
Apache Http Server 1.3.12
Apache Http Server 1.3.3
Apache Http Server 1.3.17
Apache Http Server 1.3.26
Apache Http Server 1.3.9
641
VMScore
CVE-2002-0839
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x prior to 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allow...
Apache Http Server
Debian Debian Linux 2.2
Debian Debian Linux 3.0
606
VMScore
CVE-2018-10549
An issue exists in PHP prior to 5.6.36, 7.0.x prior to 7.0.30, 7.1.x prior to 7.1.17, and 7.2.x prior to 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '...
Php Php
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 17.10
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Netapp Storage Automation Store -
2 Github repositories
605
VMScore
CVE-2022-24801
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non...
Twistedmatrix Twisted
Debian Debian Linux 9.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Oracle Zfs Storage Appliance Kit 8.8
605
VMScore
CVE-2015-0895
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin prior to 3.9.0 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.
Tips And Tricks Hq All In One Wordpress Security And Firewall
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »