Lucene search
K

274 matches found

Tenable Nessus
Tenable Nessus
added 2023/01/10 12:0 a.m.30 views

Debian dla-3264 : ruby-rack-protection - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3264 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3264-1 [email protected] https://www.debian.org/lts/security/...

8.8CVSS7.1AI score0.00642EPSS
Exploits1References4
Snyk
Snyk
added 2023/01/03 1:36 p.m.3 views

External Control of Assumed-Immutable Web Parameter

Overview Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter due to improper escape of the " character in the generatemultipart function, which allows injecting malicious content to the filename parameter via the Content-Disposition header. PoC...

6.5CVSS7AI score0.0129EPSS
Exploits1References2
Snyk
Snyk
added 2022/11/29 12:7 p.m.3 views

Resources Downloaded over Insecure Protocol

Overview Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol due to improper validation of the Content-Disposition header when the filename was provided by the user. Exploiting this vulnerability results in a reflected file download RFD attack...

8.8CVSS6.9AI score0.00642EPSS
Exploits1References2
OSV
OSV
added 2022/11/28 9:15 p.m.6 views

UBUNTU-CVE-2022-45442

Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a response when the filename is...

8.8CVSS6.4AI score0.00642EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2022/11/28 12:0 a.m.28 views

CVE-2022-45442

Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a response when the filename is...

8.8CVSS7.3AI score0.00642EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2022/11/28 12:0 a.m.2 views

CVE-2022-45442 Sinatra vulnerable to Reflected File Download attack

Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a response when the filename is...

8.8CVSS7AI score0.00642EPSS
Exploits1References5
OSV
OSV
added 2022/08/03 2:15 p.m.3 views

DEBIAN-CVE-2022-36359

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...

8.8CVSS7.6AI score0.00657EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/08/03 12:0 a.m.4 views

PT-2022-7277 · Sinatra +8 · Sinatra +8

Name of the Vulnerable Software and Affected Versions: Sinatra versions 2.0 through 2.2.2 Sinatra versions 3.0 through 3.0.3 Description: The issue is related to a reflected file download RFD attack that sets the Content-Disposition header of a response when the filename is derived from...

10CVSS7.8AI score0.02059EPSS
Exploits1References70
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/15 7:7 p.m.57 views

Security Bulletin: Pip as used by IBM QRadar Advisor With Watson is vulnerable to multiple vulnerabilities (CVE-2019-20916, CVE-2021-3572, CVE-2018-20225)

Summary Pip as used by IBM QRadar Advisor With Watson to manage python packages is vulnerable to multiple vulnerabilities. IBM QRadar Advisor With Watson has addressed the applicable CVEs by updating pip. Vulnerability Details CVEID: CVE-2019-20916 DESCRIPTION: pypa pip package for python could...

7.8CVSS1.1AI score0.03028EPSS
Exploits3Affected Software1
OSV
OSV
added 2022/05/01 5:53 p.m.7 views

GHSA-7JJR-3R8R-9PCF Trac missing Content-Disposition HTTP header

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

6.9CVSS6.4AI score0.01342EPSS
Exploits0References3
CNVD
CNVD
added 2021/05/19 12:0 a.m.5 views

Spark Information Disclosure Vulnerability (CNVD-2021-37593)

Spark is a public domain FHIR server developed using C. A security vulnerability exists in versions prior to Firely/Incendi Spark 1.5.5-r4, which stems from the lack of a Content-Disposition header in some cases, which could result in carefully crafted files being delivered to the client to be...

6.1CVSS6.7AI score0.01002EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/05/14 12:0 a.m.4 views

Firely/Incendi Spark 安全漏洞

Spark is a public domain FHIR server developed using C. A security vulnerability exists in versions prior to Firely/Incendi Spark 1.5.5-r4, which stems from the lack of a Content-Disposition header in some cases, which could result in carefully crafted files being delivered to the client to be...

6.1CVSS5.5AI score0.01002EPSS
Exploits0References4
OSV
OSV
added 2021/02/27 6:15 a.m.6 views

CVE-2021-27132

SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...

9.8CVSS7.3AI score0.16062EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/02/27 5:1 a.m.31 views

CVE-2021-27132

SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...

9.9AI score0.16062EPSS
Exploits1References1
CNVD
CNVD
added 2021/01/13 12:0 a.m.4 views

OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-03040)

OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.4. An attacker can exploit this vulnerability via a specially crafted Content-Disposition header ...

6.1CVSS6.1AI score0.01133EPSS
Exploits0References1
OSV
OSV
added 2021/01/12 10:15 p.m.4 views

CVE-2021-23929

OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/?delivery=view URI...

6.1CVSS6.4AI score0.01133EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/11/04 1:25 a.m.5 views

python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py

A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...

7.5CVSS7.6AI score0.03028EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/11/04 12:53 a.m.3 views

python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py

A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...

7.5CVSS7.6AI score0.03028EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/10/20 4:3 p.m.7 views

python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py

A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...

7.5CVSS7.6AI score0.03028EPSS
Exploits1References4
OSV
OSV
added 2020/09/04 8:15 p.m.59 views

PYSEC-2020-173

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorizedkeys file. This occurs in downloadhttpurl in internal/download.py...

7.5CVSS3.7AI score0.03028EPSS
Exploits1References7
Rows per page
Query Builder