60 matches found

UbuntuCve
added 2022/12/28 12:15 p.m. · 21 views

CVE-2018-25052

A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site...

6.1 CVSS · 4.5 AI score · 0.00529 EPSS
Exploits 0 · References 2

Prion
added 2022/12/28 12:15 p.m. · 14 views

Cross site scripting

A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site...

5.8 CVSS · 6 AI score · 0.00529 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/12/28 12:15 p.m. · 1 views

UBUNTU-CVE-2018-25052

A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site...

6.1 CVSS · 3.8 AI score · 0.00529 EPSS
Exploits 0 · References 3

Cvelist
added 2022/12/28 11:19 a.m. · 21 views

CVE-2018-25052 Catalyst-Plugin-Session Session ID Session.pm _load_sessionid cross site scripting

A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site...

3.5 CVSS · 6 AI score · 0.00529 EPSS
Exploits 0 · References 4

CVE
added 2022/12/28 11:19 a.m. · 66 views

CVE-2018-25052

The CVE-2018-25052 entry concerns Catalyst-Plugin-Session (up to v0.40). The vulnerability affects the Session ID Handler’s function _load_sessionid in lib/Catalyst/Plugin/Session.pm. Malicious manipulation of the sid argument may cause cross-site scripting when processed, and exploitation is des...

6.1 CVSS · 4.8 AI score · 0.00529 EPSS
Exploits 0 · References 4 · Affected Software 1

Debian CVE
added 2022/12/28 11:19 a.m. · 15 views

CVE-2018-25052

A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site...

6.1 CVSS · 4 AI score · 0.00529 EPSS
Exploits 0

Positive Technologies
added 2022/12/28 12:0 a.m. · 3 views

PT-2022-8062 · Unknown · Catalyst-Plugin-Session

Name of the Vulnerable Software and Affected Versions: Catalyst-Plugin-Session versions up to 0.40
Description: A vulnerability has been found in the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads ...

6.1 CVSS · 4.4 AI score · 0.00529 EPSS
Exploits 0 · References 12

OpenVAS
added 2022/01/28 12:0 a.m. · 15 views

Mageia: Security Advisory (MGASA-2017-0439)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.6 AI score · 0.02434 EPSS
Exploits 0 · References 4

Mageia
added 2017/12/01 11:13 p.m. · 45 views

Updated perl-Catalyst-Plugin-Static-Simple package fixes security vulnerability

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character CVE-2017-16248...

7.5 CVSS · 6.2 AI score · 0.02434 EPSS
Exploits 0 · References 2

OSV
added 2017/12/01 11:13 p.m. · 7 views

MGASA-2017-0439 Updated perl-Catalyst-Plugin-Static-Simple package fixes security vulnerability

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character CVE-2017-16248...

7.5 CVSS · 7.4 AI score · 0.02434 EPSS
Exploits 0 · References 3

OpenVAS
added 2017/11/23 12:0 a.m. · 76 views

Fedora Update for perl-Catalyst-Plugin-Static-Simple FEDORA-2017-5cb8354008

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.6 AI score · 0.02434 EPSS
Exploits 0 · References 2

OpenVAS
added 2017/11/23 12:0 a.m. · 13 views

Fedora Update for perl-Catalyst-Plugin-Static-Simple FEDORA-2017-184d078d87

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.6 AI score · 0.02434 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2017/11/16 12:0 a.m. · 21 views

Fedora 26 : perl-Catalyst-Plugin-Static-Simple (2017-5cb8354008)

Security fix for CVE-2017-16248. Catalyst::Plugin::Static::Simple has been changed to not serve static files with dots in the names i.e. .svn, .git, ... Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...

7.5 CVSS · 7.1 AI score · 0.02434 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2017/11/16 12:0 a.m. · 24 views

Fedora 25 : perl-Catalyst-Plugin-Static-Simple (2017-184d078d87)

Security fix for CVE-2017-16248. Catalyst::Plugin::Static::Simple has been changed to not serve static files with dots in the names i.e. .svn, .git, ... Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...

7.5 CVSS · 7.1 AI score · 0.02434 EPSS
Exploits 0 · References 2

NVD
added 2017/11/01 1:29 a.m. · 9 views

CVE-2017-16248

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character...

7.5 CVSS · 7.5 AI score · 0.02434 EPSS
Exploits 0 · References 3

OSV
added 2017/11/01 1:29 a.m. · 4 views

CVE-2017-16248

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character...

7.5 CVSS · 7.5 AI score
Exploits 0 · References 3

OSV
added 2017/11/01 1:29 a.m. · 3 views

DEBIAN-CVE-2017-16248

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character...

7.5 CVSS · 6.9 AI score · 0.02434 EPSS
Exploits 0 · References 1

UbuntuCve
added 2017/11/01 1:29 a.m. · 20 views

CVE-2017-16248

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character...

7.5 CVSS · 7.2 AI score · 0.02434 EPSS
Exploits 0 · References 4

Cvelist
added 2017/11/01 1:0 a.m. · 18 views

CVE-2017-16248

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character...

7.4 AI score · 0.02434 EPSS
Exploits 0 · References 3

CVE
added 2017/11/01 1:0 a.m. · 47 views

CVE-2017-16248

The CVE-2017-16248 entry concerns the Perl Catalyst-Plugin-Static-Simple module prior to version 0.34. The vulnerability allows remote attackers to read arbitrary files when there is a '.' character anywhere in the pathname, contradicting the policy that access should be allowed only if the filen...

7.5 CVSS · 7.3 AI score · 0.02434 EPSS
Exploits 0 · References 3 · Affected Software 1