199 matches found
mod_auth_mellon: open redirect in logout url when using URLs with backslashes
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
SQL Injection
sequelize is vulnerable to SQL injection when using with PostgreSQL. This is due to backslashes that are not being escaped properly in non-standard strings, allowing a remote attacker to inject and execute arbitrary SQL statements in the database...
CVE-2019-3877
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
CVE-2019-3877
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
DEBIAN-CVE-2019-3877
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
CVE-2019-3877
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
CVE-2019-3877
CVE-2019-3877 affects mod_auth_mellon before v0.14.2. An open redirect in the logout URL can be bypassed when URLs contain backslashes, since browsers convert them to forward slashes and treat the URL as absolute, bypassing apr_uri_parse validation. Remediation per connected advisories is to upgr...
CVE-2019-3877
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
UBUNTU-CVE-2019-3877
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
CVE-2019-3877
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
PT-2019-1903 · Apache +3 · Mod Auth Mellon +3
Name of the Vulnerable Software and Affected Versions: mod auth mellon versions prior to 0.14.2 Description: A vulnerability in mod auth mellon allows an open redirect in the logout URL, where requests with backslashes are treated as relative URLs, while browsers convert them to forward slashes,...
PT-2019-6168
Name of the Vulnerable Software and Affected Versions ThinkPHP versions prior to 3.2.4 Open Source BMS version 1.1.1 zzzcms zzzphp Description A flaw exists in ThinkPHP related to improper handling of code generation when using backslashes '' as delimiters in the controller name. This can allow a...
Fedora 28 : php-symfony4 (2018-6edf04d9d6)
Version 4.0.15 2018-12-06 - security CVE-2018-19790 Security\Http detect bad redirect targets using backslashes @xabbuh - security CVE-2018-19789 Form Filter file uploads out of regular form types @nicolas-grekas Note that Tenable Network Security has extracted the preceding description block...
CVE-2018-19790
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the failurepath input field of login forms, an attacker can work around the redirection target restrictio...
UBUNTU-CVE-2018-19790
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the failurepath input field of login forms, an attacker can work around the redirection target restrictio...
CVE-2018-19790
CVE-2018-19790 describes an open redirect vulnerability in Symfony across multiple branches (2.7.x up to 2.7.50, 2.8.x up to 2.8.49, 3.x up to 3.4.20, 4.0.x up to 4.0.15, 4.1.x up to 4.1.9, and 4.2.x up to 4.2.1). The issue arises from using backslashes in the _failure_path input of login forms, ...
GHSA-872G-2H8H-362Q Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...
CVE-2016-4800
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...
CVE-2016-4800
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...