GHSA-WFM3-GQ9H-MRJM Appwrite Directory Traversal vulnerability
The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. This pathname is automatically created if...
Bottle does not properly limit content-types
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...
CVE-2021-30458
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a tag, bypassing sanitization steps, and potentially allowing for XSS...
MediaWiki Parsoid Cross-Site Scripting Vulnerability
MediaWiki Parsoid is an open source application from the MediaWiki community. It provides a library that allows conversion back and forth between Wikitext and HTML. A cross-site scripting vulnerability exists in Wikimedia Parsoid versions prior to 0.11.1 and 0.12.x series versions prior to 0.12.2, which ca...
CVE-2016-5325
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...
CVE-2016-2086
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...
CVE-2014-3137
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...
Joomla Component acctexp <= 0.12.x Blind SQL Injection Exploit
Exploit for unknown platform in category web applications. Joomla Component acctexp \n"; print " Example: perl acctexp.pl www.host.com /joomla/ -g 1 \n"; print " \n"; print " Options: \n"; print " -g usage id \n"; print " Note: \n";...