Lucene search
+L

199 matches found

RedHat Linux
RedHat Linux
added 2019/04/16 2:49 p.m.5 views

mod_auth_mellon: open redirect in logout url when using URLs with backslashes

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS5.8AI score0.02131EPSS
Exploits0References4
Veracode
Veracode
added 2019/04/11 2:48 a.m.19 views

SQL Injection

sequelize is vulnerable to SQL injection when using with PostgreSQL. This is due to backslashes that are not being escaped properly in non-standard strings, allowing a remote attacker to inject and execute arbitrary SQL statements in the database...

7.5CVSS8.2AI score0.01823EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2019/03/27 1:29 p.m.33 views

CVE-2019-3877

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS6.5AI score0.02131EPSS
Exploits0References8
NVD
NVD
added 2019/03/27 1:29 p.m.21 views

CVE-2019-3877

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS6.4AI score0.02131EPSS
Exploits0References8
OSV
OSV
added 2019/03/27 1:29 p.m.1 views

DEBIAN-CVE-2019-3877

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS6.8AI score0.02131EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2019/03/27 12:19 p.m.34 views

CVE-2019-3877

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS6.8AI score0.02131EPSS
Exploits0
CVE
CVE
added 2019/03/27 12:19 p.m.131 views

CVE-2019-3877

CVE-2019-3877 affects mod_auth_mellon before v0.14.2. An open redirect in the logout URL can be bypassed when URLs contain backslashes, since browsers convert them to forward slashes and treat the URL as absolute, bypassing apr_uri_parse validation. Remediation per connected advisories is to upgr...

6.1CVSS6.6AI score0.02131EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2019/03/22 1:49 p.m.31 views

CVE-2019-3877

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS4.4AI score0.02131EPSS
Exploits0References3
OSV
OSV
added 2019/03/22 12:0 a.m.3 views

UBUNTU-CVE-2019-3877

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS6.8AI score0.02131EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2019/03/22 12:0 a.m.30 views

CVE-2019-3877

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS6.8AI score0.02131EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/03/20 12:0 a.m.6 views

PT-2019-1903 · Apache +3 · Mod Auth Mellon +3

Name of the Vulnerable Software and Affected Versions: mod auth mellon versions prior to 0.14.2 Description: A vulnerability in mod auth mellon allows an open redirect in the logout URL, where requests with backslashes are treated as relative URLs, while browsers convert them to forward slashes,...

8.1CVSS6.8AI score0.02969EPSS
Exploits1References41
Positive Technologies
Positive Technologies
added 2019/01/12 12:0 a.m.5 views

PT-2019-6168

Name of the Vulnerable Software and Affected Versions ThinkPHP versions prior to 3.2.4 Open Source BMS version 1.1.1 zzzcms zzzphp Description A flaw exists in ThinkPHP related to improper handling of code generation when using backslashes '' as delimiters in the controller name. This can allow a...

10CVSS8.4AI score0.97419EPSS
Exploits8References34
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.26 views

Fedora 28 : php-symfony4 (2018-6edf04d9d6)

Version 4.0.15 2018-12-06 - security CVE-2018-19790 Security\Http detect bad redirect targets using backslashes @xabbuh - security CVE-2018-19789 Form Filter file uploads out of regular form types @nicolas-grekas Note that Tenable Network Security has extracted the preceding description block...

6.1CVSS6.4AI score0.03589EPSS
Exploits0References5
OSV
OSV
added 2018/12/18 10:29 p.m.24 views

CVE-2018-19790

An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the failurepath input field of login forms, an attacker can work around the redirection target restrictio...

6.1CVSS6.5AI score0.01485EPSS
Exploits0References8
OSV
OSV
added 2018/12/18 10:29 p.m.2 views

UBUNTU-CVE-2018-19790

An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the failurepath input field of login forms, an attacker can work around the redirection target restrictio...

6.1CVSS7.1AI score0.01485EPSS
Exploits0References3
CVE
CVE
added 2018/12/18 10:0 p.m.83 views

CVE-2018-19790

CVE-2018-19790 describes an open redirect vulnerability in Symfony across multiple branches (2.7.x up to 2.7.50, 2.8.x up to 2.8.49, 3.x up to 3.4.20, 4.0.x up to 4.0.15, 4.1.x up to 4.1.9, and 4.2.x up to 4.2.1). The issue arises from using backslashes in the _failure_path input of login forms, ...

6.1CVSS6.2AI score0.01485EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2018/10/19 4:16 p.m.23 views

GHSA-872G-2H8H-362Q Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...

9.8CVSS7AI score0.06363EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2018/10/19 4:16 p.m.42 views

Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...

9.8CVSS6.1AI score0.06363EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2017/04/13 2:59 p.m.36 views

CVE-2016-4800

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...

9.8CVSS9.4AI score0.06363EPSS
Exploits0References6
OSV
OSV
added 2017/04/13 2:59 p.m.24 views

CVE-2016-4800

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...

9.8CVSS6.9AI score
Exploits0References6
Rows per page
Query Builder