96 matches found
Apache HTTP Server 安全漏洞
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A cross-site request forgery vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause NTLM hash...
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2025:4300-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4300-1 advisory. - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757 Tenable has extracted the precedin...
Security update for curl
This update for curl fixes the following issues: CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
SUSE-SU-2025:4309-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757...
Security update for curl
This update for curl fixes the following issues: CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
SUSE-SU-2025:4300-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757...
SUSE SLED15: curl / libcurl-devel / libcurl-devel-32bit / libcurl4 / etc (SUSE-SU-2025:4236-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4236-1 advisory. - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757 Tenable has extracte...
SUSE-SU-2025:4180-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757...
Siemens SIMATIC S7-1500 Server-Side Request Forgery (SSRF) (CVE-2022-27780)
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...
PT-2025-47036
Name of the Vulnerable Software and Affected Versions curl versions prior to 8.17.0 Description The software is susceptible to a path traversal issue when handling URLs with percent-encoded slashes. This could allow an attacker to access files outside the intended directory. Recommendations Updat...
undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser
It was found that the AJP connector in undertow does not use the ALLOWENCODEDSLASH option and thus allows the slash and anti-slash characters encoded in a URL. This may lead to path traversal and result in the information disclosure of arbitrary local files...
DEBIAN-CVE-2018-1048
It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOWENCODEDSLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files...
resource: traversal vulnerabilities — Mozilla
Mozilla developer Boris Zbarsky reported that the resource: protocol allowed directory traversal on Linux when using URL-encoded slashes...
CVE-2004-1939
Cross-site scripting XSS vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes %252F in the key parameter...
CVE-2004-1939
CVE-2004-1939 affects Zaep AntiSpam 2.0. The vulnerability is a cross-site scripting (XSS) flaw in the key parameter, exploitable via double-encoded slashes (%252F). The NVD metrics show a base score of 4.3 (medium) with network attack vector, no confidentiality impact, partial integrity impact, ...
CVE-2004-1939
Cross-site scripting XSS vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes %252F in the key parameter...