CVSS: 9.8EPSS: 9%CPEs: 169EXPL: 1CVE-2013-2174 – curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs
https://notcve.org/view.php?id=CVE-2013-2174
24 Jun 2013 — Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. Desbordamiento de búfer basado en memoria dinámica en la función curl_easy_unescape en lib/escape.c en cURL y libcurl 7.7 a la 7.30.0, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posibl... • http://curl.haxx.se/docs/adv_20130622.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 3%CPEs: 131EXPL: 0CVE-2013-1944 – curl: Cookie domain suffix match vulnerability
https://notcve.org/view.php?id=CVE-2013-1944
29 Apr 2013 — The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. La función tailMatch en cookie.c en cURL y libcurl antes de v7.30.0 no comprueba correctamente la ruta del dominio al enviar las cookies, lo que permite robar las cookies a atacantes remotos a través de un sufijo coincidente en el dominio de una URL. Multiple vulnerabilities have been fo... • http://curl.haxx.se/docs/adv_20130412.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 53%CPEs: 9EXPL: 2CVE-2013-0249 – cURL - Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2013-0249
08 Mar 2013 — Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. Desbordamiento de búfer basado en pila en la función de curl_sasl_create_digest_md5_message de libcurl en lib/curl_sasl.c v7.26.0 hasta v7... • https://www.exploit-db.com/exploits/24487 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 7%CPEs: 26EXPL: 0CVE-2012-0036
https://notcve.org/view.php?id=CVE-2012-0036
13 Apr 2012 — curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. curl y libcurl v7.2x anteriores v7.24.0 no consideran de forma adecuada los caracteres especiales cuando extraen una ruta de un fichero de una URL, lo que permite a atacantes remotos realizar ataques de injección ... • http://curl.haxx.se/curl-url-sanitize.patch • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 4%CPEs: 24EXPL: 1CVE-2011-3389 – HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
https://notcve.org/view.php?id=CVE-2011-3389
06 Sep 2011 — The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClie... • https://github.com/mpgn/BEAST-PoC • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2010-3842
https://notcve.org/view.php?id=CVE-2010-3842
27 Oct 2010 — Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header. Vulnerabilidad de salto de directorio absoluto en curl v7.20.0 hasta v7.21.1, cuando se utiliza la opción --remote-header-name o -J, permite a los servidores remotos crear o sobreescribir archivos arbitrarios mediante el uso de \... • http://curl.haxx.se/docs/adv_20101013.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 80EXPL: 2CVE-2009-0037 – cURL/libcURL 7.19.3 - HTTP 'Location:' Redirect Security Bypass
https://notcve.org/view.php?id=CVE-2009-0037
05 Mar 2009 — The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. La implementación de redirección en curl y libcurl v5.11 hasta v7.19.3, cuando CURLOPT_FOLLOWLOCATION esta activado, acepta valores de locali... • https://www.exploit-db.com/exploits/32834 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2006-1061
https://notcve.org/view.php?id=CVE-2006-1061
21 Mar 2006 — Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. • http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1326.html •
CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 0CVE-2005-4077
https://notcve.org/view.php?id=CVE-2005-4077
08 Dec 2005 — Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 5%CPEs: 3EXPL: 0CVE-2005-3185
https://notcve.org/view.php?id=CVE-2005-3185
13 Oct 2005 — Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •