CVE-2018-25052
A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site...
Cross site scripting
A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site...
UBUNTU-CVE-2018-25052
A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site...
CVE-2018-25052 Catalyst-Plugin-Session Session ID Session.pm _load_sessionid cross site scripting
A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site...
CVE-2018-25052
The CVE-2018-25052 entry concerns Catalyst-Plugin-Session (up to v0.40). The vulnerability affects the Session ID Handler’s function _load_sessionid in lib/Catalyst/Plugin/Session.pm. Malicious manipulation of the sid argument may cause cross-site scripting when processed, and exploitation is des...
CVE-2018-25052
A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site...
PT-2022-8062 · Unknown · Catalyst-Plugin-Session
Name of the Vulnerable Software and Affected Versions: Catalyst-Plugin-Session versions up to 0.40. Description: A vulnerability has been found in the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads ...
Mageia: Security Advisory (MGASA-2017-0439)
The remote host is missing an update for the...
Updated perl-Catalyst-Plugin-Static-Simple package fixes security vulnerability
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character CVE-2017-16248...
MGASA-2017-0439 Updated perl-Catalyst-Plugin-Static-Simple package fixes security vulnerability
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character CVE-2017-16248...
Fedora Update for perl-Catalyst-Plugin-Static-Simple FEDORA-2017-5cb8354008
The remote host is missing an update for the...
Fedora Update for perl-Catalyst-Plugin-Static-Simple FEDORA-2017-184d078d87
The remote host is missing an update for the...
Fedora 26 : perl-Catalyst-Plugin-Static-Simple (2017-5cb8354008)
Security fix for CVE-2017-16248. Catalyst::Plugin::Static::Simple has been changed to not serve static files with dots in the names i.e. .svn, .git, ... Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
Fedora 25 : perl-Catalyst-Plugin-Static-Simple (2017-184d078d87)
Security fix for CVE-2017-16248. Catalyst::Plugin::Static::Simple has been changed to not serve static files with dots in the names i.e. .svn, .git, ... Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
CVE-2017-16248
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character...
CVE-2017-16248
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character...
DEBIAN-CVE-2017-16248
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character...
CVE-2017-16248
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character...
CVE-2017-16248
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character...
CVE-2017-16248
The CVE-2017-16248 entry concerns the Perl Catalyst-Plugin-Static-Simple module prior to version 0.34. The vulnerability allows remote attackers to read arbitrary files when there is a '.' character anywhere in the pathname, contradicting the policy that access should be allowed only if the filen...