280 matches found
CVE-2020-35554
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 December 2020...
GHSA-F7F4-HQP2-7PRC Improper Input Validation in sails-hook-sockets
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request...
DEBIAN-CVE-2020-5274
In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the...
PT-2020-18364 · Symfony · Symfony +1
Name of the Vulnerable Software and Affected Versions: Symfony versions prior to 4.4.5 and 5.0.5 symfony/http-foundation versions prior to 4.4.5 and 5.0.5 Description: The issue arises from the ErrorHandler rendering unescaped properties of the Exception class when displaying the stacktrace, whic...
Cross-site Scripting (XSS)
ratpack-core is susceptible to cross-site scripting XSS. It does not sanitize the user input rendered as an exception message in the development error handler, allowing an attacker to inject malicious script via the message.The library is vulnerable only through the development mode's error handl...
Cross site scripting
All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting XSS. This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to b...
GHSA-R2WF-Q3X4-HRV9 Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)
Versions of Ratpack from 0.9.10 through 1.7.5 are vulnerable to CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' aka. XSS in the development error handler. An attacker can utilize this to perform XSS when an exception message contains untrusted data. As a...
Cross-site Scripting (XSS)
Overview io.ratpack:ratpack-core is a simple, capable, toolkit for creating high performance web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS. This affects the development mode error handler when an exception message contains untrusted data. Note the...
Cross-site Scripting in Jooby
Jooby before 1.6.4 has XSS via the default error handler...
GHSA-F5F4-M7QP-W6GC Cross-site Scripting in Jooby
Jooby before 1.6.4 has XSS via the default error handler...
Cross-site Scripting (XSS)
Jooby is vulnerable to cross-site scripting XSS. The attack can be triggered when an attacker inject a malicious script through the default error handler...
CVE-2019-15477
Jooby before 1.6.4 has XSS via the default error handler...
CVE-2019-15477
Jooby before 1.6.4 has XSS via the default error handler...
Default credentials
Jooby before 1.6.4 has XSS via the default error handler...
CVE-2016-10789
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler SEC-191...
CVE-2016-10789
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler SEC-191...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write. An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can...
CVE-2019-5051
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability...
CVE-2019-5051
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability...
UBUNTU-CVE-2019-11390
DISPUTED An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with seterrorhandler at the beginning and nested repetition...