Lucene search
K

220 matches found

Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.33 views

PRODSECBUG-2325: Denial-of-service by forcing a store to respond with a 404 error

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.5CVSS7.2AI score0.01175EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2019/05/16 3:0 a.m.25 views

Cross-site Scripting (XSS)

PHP is vulnerable to cross-site scripting attacks. A remote unauthenticated attacker could cause reflected cross-site scripting on the PHAR 404 error page via the URI of a request for a .phar file...

6.1CVSS7AI score0.79949EPSS
Exploits0References15Affected Software4
OSV
OSV
added 2019/04/23 4:7 p.m.104 views

GHSA-XC67-HJX6-CGG6 Installation information leak in Eclipse Jetty

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...

5.3CVSS6AI score0.05782EPSS
Exploits0References19
NVD
NVD
added 2019/04/22 8:29 p.m.18 views

CVE-2019-10247

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...

5.3CVSS7AI score0.05782EPSS
Exploits0References18
Prion
Prion
added 2019/04/22 8:29 p.m.37 views

Design/Logic Flaw

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...

5CVSS6.9AI score0.05782EPSS
Exploits0References18Affected Software21
OSV
OSV
added 2019/04/22 8:29 p.m.2 views

UBUNTU-CVE-2019-10247

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...

5.3CVSS6.8AI score0.05782EPSS
Exploits0References3
OSV
OSV
added 2019/04/22 8:29 p.m.27 views

CVE-2019-10247

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...

5.3CVSS5.2AI score
Exploits0References18
Cvelist
Cvelist
added 2019/04/22 8:14 p.m.29 views

CVE-2019-10247

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...

7AI score0.05782EPSS
Exploits0References18
Debian CVE
Debian CVE
added 2019/04/22 8:14 p.m.48 views

CVE-2019-10247

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...

5.3CVSS6.4AI score0.05782EPSS
Exploits0
Prion
Prion
added 2019/04/06 8:29 p.m.19 views

Design/Logic Flaw

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgihandler.py mishandle 404 errors...

4.3CVSS5.9AI score0.01568EPSS
Exploits1References5Affected Software2
AlpineLinux
AlpineLinux
added 2019/01/09 10:0 p.m.69 views

CVE-2019-3498

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.pagenotfound, leading to content spoofing in a 404 error page if a user fails to recognize th...

6.5CVSS6.5AI score0.03685EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2019/01/07 2:50 a.m.21 views

CVE-2019-3498

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.pagenotfound, leading to content spoofing in a 404 error page if a user fails to recognize th...

6.5CVSS2.3AI score0.03685EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.41 views

SUSE SLES12 Security Update : php7 (SUSE-SU-2018:1176-1)

This update for php7 fixes the following issues: Security issues fixed : - CVE-2018-10545: Fix access controls in FPM child processes bsc1091367. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages bsc1091362. - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c...

7.5CVSS6.3AI score0.10433EPSS
Exploits0References13
exploitpack
exploitpack
added 2018/11/06 12:0 a.m.18 views

LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions

LibreHealth 2.0.0 - Authenticated Arbitrary File Actions Exploit Title: LibreHealth 2.0.0 - Arbitrary File Actions Date: 2018-10-19 Exploit Author: Carlos Avila Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested on: Debian LAMP,...

0.3AI score
Exploits0
Microsoft KB
Microsoft KB
added 2018/10/09 7:0 a.m.51 views

Description of the security update for SharePoint Enterprise Server 2013: October 9, 2018

None None...

5.4CVSS6.5AI score0.02715EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2018/10/09 7:0 a.m.34 views

Description of the security update for SharePoint Enterprise Server 2016: October 9, 2018

None None...

5.4CVSS6.5AI score0.02715EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2018/07/30 3:49 a.m.31 views

CVE-2018-1999007

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

5.4CVSS2.1AI score0.00894EPSS
Exploits0References2
Prion
Prion
added 2018/07/23 7:29 p.m.20 views

Cross site scripting

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

3.5CVSS6.3AI score0.00894EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2018/07/23 7:29 p.m.31 views

CVE-2018-1999007

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

5.4CVSS5.1AI score0.00894EPSS
Exploits0References2
OSV
OSV
added 2018/07/23 7:29 p.m.24 views

CVE-2018-1999007

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

5.4CVSS5.7AI score
Exploits0References2
Rows per page
Query Builder