Django has potential DoS via MultiPartParser through crafted multipart uploads

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

PT-2026-30850

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.29, 5.2 through 5.2.12, and 6.0 through 6.0.3 Description The MultiPartParser component is susceptible to performance degradation when processing multipart uploads containing Content-Transfer-Encoding: base64 wi...

EUVD-2004-0051

Malware in sbrugna...

CVE-2022-39956

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

Design/Logic Flaw

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

CVE-2022-39956

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

CVE-2022-39956 Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

CVE-2022-39956 Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

CVE-2022-39956

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

OWASP ModSecurity Core Rule Set 安全漏洞

The OWASP ModSecurity Core Rule Set CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. A security vulnerability exists in OWASP ModSecurity Core Rule Set CRS that stems from Content-Type or Content-Transfer-Encoding MIME header field...

CVE-2022-39956

CVE-2022-39956 affects the OWASP ModSecurity Core Rule Set (CRS) and enables a partial rule set bypass for HTTP multipart requests when a payload uses certain character encoding schemes in Content-Type or Content-Transfer-Encoding headers. The issue impacts legacy CRS versions 3.0.x and 3.1.x, an...

zeek -- Various vulnerabilities

Jon Siwek of Corelight reports: This release fixes the following security issues: Fix potential stack overflow in NVT analyzer Fix NVT analyzer memory leak from multiple telnet authn name options Fix multiple content-transfer-encoding headers causing a memory leak Fix potential leak of Analyzers...

Microsoft Outlook Express 5/6 Script Execution Weakness

No description provided by source. source: http://www.securityfocus.com/bid/8281/info It has been reported that a weakness may have been re-introduced into Microsoft Outlook Express. According to the source, the issue described in Bugtraq ID 3334 had been fixed by Microsoft but appears to have...

Piwigo任意文件泄露和任意文件删除漏洞

BUGTRAQ ID: 58016 Piwigo是用PHP编写的相册脚本。 Piwigo 2.4.6及其他版本没有正确验证install.php脚本的 'dl'参数值，在实现上存在安全漏洞，攻击者可利用这些漏洞查看受影响计算机上的任意文件，删除受影响应用上下文内的任意文件。 0 Piwigo Piwigo 2.4.6 厂商补丁： Piwigo ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://piwigo.org/bugs/view.php?id=2843...

The Uploader 2.0.4 - Remote File Disclosure

================================================= The Uploader 2.0.4 Remote File disclosure Vulnerability ================================================= ============================================== Script Name : The Uploader Version : 2.0.4 Language : php Author : Xa7m3d [email protected]...

CVE-2007-5094

Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string "MIME" by...

IPSwitch IMail Server 8.0x Remote Heap Overflow Exploit

No description provided by source. / by axis 2007-06-05 http://www.ph4nt0m.org Mail-List: http://list.ph4nt0m.org 脪脭脟掳脫脨脮芒啪枚脪禄啪枚imail碌脛exp PRIVATE Remote Exploit For IMAIL Smtp Server1.2 This is For imail 8.01-8.11 version Usage:faint.exe -d host options Options: -d: Hostname to attack Required -...

CVE-2004-0051

Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard but frequently supported Content-Transfer-Encoding values such as 1 uuencode, 2 mac-binhex40, and 3 yenc, which may be interpreted differently by...

[Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME Content-Transfer-Encoding mechanism issue

-- Corsaire Security Advisory -- Title: Multiple vendor MIME Content-Transfer-Encoding mechanism issue Date: 04.08.03 Application: various Environment: various Author: Martin O'Neal [email protected] Audience: General distribution Reference: c030804-005 -- Scope -- The aim of this documen...