VYPR

Vendor CVEs

Trustwave

All CVEs

61 total · sorted by risk
  • CVE-2013-2765 · Jul 15, 2013
    risk 0.00 · cvss · epss 0.14

    The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

  • CVE-2013-1915 · Apr 25, 2013
    risk 0.00 · cvss · epss 0.04

    ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity…

  • CVE-2012-2751 · Jul 22, 2012
    risk 0.00 · cvss · epss 0.03

    ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering…

  • CVE-2009-5031 · Jul 22, 2012
    risk 0.00 · cvss · epss 0.03

    ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the…

  • CVE-2011-1906 · May 5, 2011
    risk 0.00 · cvss · epss 0.01

    Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756.

  • CVE-2011-0756 · May 5, 2011
    risk 0.00 · cvss · epss 0.01

    The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port.

  • CVE-2009-1903 · Jun 3, 2009
    risk 0.00 · cvss · epss 0.03

    The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.

  • CVE-2008-5676 · Dec 19, 2008
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via…

  • CVE-2006-3841 · Jul 25, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error…

  • CVE-2004-1765 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.05

    Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.

  • CVE-2003-1171 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.

Page 2 of 2