32 matches found
Django has potential DoS via MultiPartParser through crafted multipart uploads
An issue was discovered in Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...
PT-2026-30850
Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.29, 5.2 through 5.2.12, and 6.0 through 6.0.3 Description: The MultiPartParser component is susceptible to performance degradation when processing multipart uploads containing Content-Transfer-Encoding: base64 wi...
EUVD-2004-0051
Malware in sbrugna...
EUVD-2022-44964
Malicious code in bioql PyPI...
CVE-2022-41796
Untrusted search path vulnerability in the installer of Content Transfer for Windows Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2022-41796
Untrusted search path vulnerability in the installer of Content Transfer for Windows Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2022-41796
Untrusted search path vulnerability in the installer of Content Transfer for Windows Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
Design/Logic Flaw
Untrusted search path vulnerability in the installer of Content Transfer for Windows Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2022-41796
Sony Content Transfer (Windows) installer CVE-2022-41796 is a DLL search path vulnerability in the installer affecting version 1.3 and earlier. The root cause is insecure loading of DLLs via a Trojan horse DLL placed in an unspecified directory, enabling privilege escalation on a local system. Re...
CVE-2022-41796
Untrusted search path vulnerability in the installer of Content Transfer for Windows Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2022-41796
Untrusted search path vulnerability in the installer of Content Transfer for Windows Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
SONY Content Transfer Code Issue Vulnerability
SONY Content Transfer is a file transfer software from Sony Japan. It is suitable for customers who manage music, video, photo, and podcast content using iTunes, etc. SONY Content Transfer suffers from a code issue vulnerability that stems from the installer containing a DLL search path issue tha...
The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries
Overview: The installer of Content Transfer for Windows provided by Sony Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinat...
PT-2022-5833 · Unknown · Content Transfer
Name of the Vulnerable Software and Affected Versions: Content Transfer for Windows versions 1.3 and prior Description: The issue is related to an untrusted search path vulnerability in the installer. This could allow an attacker to elevate privileges by using a specially crafted DLL. The...
JVN#40620121: The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries
The installer of Content Transfer for Windows provided by Sony Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Impact: Arbitrary code may be executed with the privileges of the installer. Solution: Do not execute the...
CVE-2022-39956
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...
Design/Logic Flaw
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...
CVE-2022-39956
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...
CVE-2022-39956 Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...
CVE-2022-39956 Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...