Lucene search
K

111 matches found

Hacker One
Hacker One
added 2017/07/06 3:33 p.m.76 views

Rockstar Games: Reflected XSS via Double Encoding

The researcher found a Reflected XSS vulnerability in the search query on support.rockstargames.com. This exploit worked by using double-encoding to bypass our filters. With the researcher's help we were able to resolve this vulnerability...

2.7AI score
Exploits0
Veracode
Veracode
added 2017/07/04 3:27 p.m.15 views

Double Encoding Attack

Symfony is vulnerable to double encoding attacks. A malicious user can access restricted URLs by passing a double-encoded string in the url, bypassing the URI restrictions...

6.4CVSS6AI score0.01876EPSS
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2004-1315

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which...

7.5CVSS6.1AI score0.72096EPSS
Exploits11References1
CNVD
CNVD
added 2016/03/29 12:0 a.m.6 views

Drupal Core double-encoded 'destination' parameter open redirect vulnerability

Drupal is a free and open source content management system developed in PHP. An open redirection vulnerability exists in the Drupal Core double encoding of the 'destination' parameter.The Drupal 6 'drupalgoto' function fails to correctly decode the content of $REQUEST'destination' when used,...

7.4CVSS7AI score0.01352EPSS
Exploits0References1
0day.today
0day.today
added 2014/04/30 12:0 a.m.38 views

Lavarel-Security XSS Filter Bypass Vulnerability

Lavarel-Security cross site scripting filter suffers from a bypass vulnerability. Product: Lavarel-Security XSS Filter Bypass Vulnerability: Mutation Based XSS Bypass Impact: Medium/High Authors: Rafay Baloch Company: RHAinfoSEC Website: http://rhainfosec.com Status: Fixed ========= Description...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2012/06/05 12:0 a.m.31 views

WordPress 3.3.2 Cross Site Scripting

There is a persistent XSS vulnerability in the wordpress version 3.3.2. However, the severity of this finding is very LOW. The detail is as follow, a Login into an admin account b Navigate to Links - Links Categories c Fill up the required details and intercept the request with a BURP suite. d Th...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2008/11/29 12:0 a.m.23 views

linksys-xss.txt

Linksys WRT160N Wireless Router Double encoding XSS Vulnerability By David Gil http://www.infosec.com.mx [email protected] Using Double encoding attack you can inject XSS code into a HTTP POST request a common user can be easily cheated and compromise router password or router configuration...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2008/05/20 2:12 p.m.6 views

mod_jk sends decoded URL to tomcat

modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...

5CVSS5.9AI score0.12924EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/05/30 4:27 p.m.6 views

mod_jk sends decoded URL to tomcat

modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...

5CVSS5.9AI score0.90768EPSS
Exploits2References4
seebug.org
seebug.org
added 2007/05/27 12:0 a.m.40 views

Apache Tomcat JK Web Server Connector双重编码“..”绕过安全限制漏洞

Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat在处理畸形编码的文件请求时存在漏洞,远程攻击者可能利用此漏洞绕过访问限制。 Apache Tomcat用于连接tomcat和apache之间的连接器JK Web Server Connector没有正确处理URL中双重编码的“..”字串。如果多个组件(防火墙、缓存、代理和Tomcat)处理一个请求的话,这些组件不应迭代的多次解码请求URL,否则就可能绕过最后一个组件之前所实施的访问控制规则。 默认下modjk解码Apache...

7.1AI score
Exploits0
OSV
OSV
added 2007/05/25 6:30 p.m.3 views

DEBIAN-CVE-2007-1860

modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...

5CVSS6.6AI score0.12924EPSS
Exploits1References1
Rows per page
Query Builder