
275 matches found

Cvelist
added 2018/12/10 12:00 a.m., 11 views

CVE-2018-19991

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230...

AI score 9.5, EPSS 0.00481
Exploits: 1, References: 1

BDU FSTEC
added 2018/11/16 12:00 a.m., 2 views

The vulnerability of the Routing Protocols Daemon (RPD) error handler on the JunOS operating system allows an attacker to cause a service failure.

The vulnerability of the Routing Protocols Daemon (RPD) error handler on the JunOS operating system is related to errors in resource release. Exploiting this vulnerability could allow a malicious actor to cause service failure by using a specially crafted MPLS RSVP packet...

CVSS 7.8, AI score 5.5, EPSS 0.00516
Exploits: 0, References: 3, Affected Software: 1

CNVD
added 2018/09/20 12:00 a.m., 1 views

Artifex Ghostscript Code Injection Vulnerability

Artifex Ghostscript is an open source PostScript (a page description language and programming language used in the electronics industry and desktop publishing) parser from Artifex Software that displays PostScript files and prints them on non-PostScript printers. A security...

CVSS 7.8, AI score 8.7, EPSS 0.00351
Exploits: 0, References: 1

CNVD
added 2018/07/18 12:00 a.m., 2 views

LibTIFF Buffer Overflow Vulnerability (CNVD-2018-14918)

LibTIFF is a library for reading and writing Tagged Image File Format (abbreviated TIFF) files. A buffer overflow vulnerability exists in the unixErrorHandler in tif_unix.c in LibTIFF 4.0.9. An attacker can exploit this vulnerability via TIFFClientOpen, TIFFFdOpen, TIFFRawStripSize, TIFFCheckTile,...

AI score 7.2
Exploits: 0, References: 1

RedhatCVE
added 2018/07/02 10:33 p.m., 41 views

CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

CVSS 5.3, AI score 6.9, EPSS 0.0351
Exploits: 0, References: 2

CNVD
added 2018/03/14 12:00 a.m., 1 views

Linux kernel race condition vulnerability (CNVD-2018-05305)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A race condition vulnerability exists in the 'store_int_with_restart' function in the arch/x86/kernel/cpu/mcheck/mce.c file in the Linux kernel. A local attacker c...

CVSS 4.7, AI score 7.1, EPSS 0.0006
Exploits: 0, References: 1

Prion
added 2018/01/22 10:29 p.m., 17 views

Cross site scripting

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php...

CVSS 5, AI score 7.1, EPSS 0.01012
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2018/01/22 10:29 p.m., 13 views

CVE-2018-6010

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php...

CVSS 7.5, AI score 6.1
Exploits: 0, References: 3

Friends Of PHP
added 2018/01/22 8:41 a.m., 26 views

Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.

More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...

CVSS 7.5, AI score 7.2, EPSS 0.01012
Exploits: 0, Affected Software: 1

Friends Of PHP
added 2018/01/22 8:41 a.m., 24 views

Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.

More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...

CVSS 7.5, AI score 7.2, EPSS 0.01012
Exploits: 0, Affected Software: 1

Hacker One
added 2017/10/31 11:35 a.m., 41 views

International Islamic University Chittagong: Improper error handler

During the analysis it was found that when we submit the form and try to upload a txt file, it shows an error page with internal path disclosure...

AI score 6.9
Exploits: 0

CNVD
added 2017/07/25 12:00 a.m., 3 views

Yii Framework Cross-Site Scripting Vulnerability (CNVD-2017-25538)

Yii Framework is a component-based, high-performance PHP framework developed by the Yii team for building large-scale web applications. The framework/views/errorHandler/exception.php file in Yii Framework 2.0.12 has a cross-site scripting vulnerability; the vulnerability stems fr...

CVSS 6.1, AI score 6.1, EPSS 0.00223
Exploits: 0, References: 1

Prion
added 2017/01/31 10:59 p.m., 9 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3, AI score 6.1, EPSS 0.00418
Exploits: 0, References: 4, Affected Software: 2

Veracode
added 2016/10/30 5:11 p.m., 7 views

Cross-site Scripting (XSS)

Grails-core is vulnerable to cross-site scripting (XSS) attacks through the default error handler. The default error handler does not sanitize user-input values when displaying an error, allowing an attacker to inject arbitrary JavaScript code into a victim's browser...

AI score 5.9
Exploits: 0

BDU FSTEC
added 2016/07/05 12:00 a.m., 2 views

The vulnerability of the MySQL database management system allows unauthorized users, after passing authentication, to affect the accessibility of data.

Software vulnerability in Oracle MySQL, related to an error that occurs when working with a software error handler component. Exploiting this vulnerability allows an authorized user to compromise the accessibility of data...

CVSS 2.6, AI score 6.3, EPSS 0.05278
Exploits: 0, References: 3, Affected Software: 1

Oracle linux
added 2016/05/12 12:00 a.m., 76 views

kernel security and bug fix update

3.10.0-327.18.2.OL7
- Oracle Linux certificates Alexey Petrenko
3.10.0-327.18.2
- lib keys: Fix ASN.1 indefinite length object parsing David Howells 1308814 1308815 CVE-2016-0758
3.10.0-327.18.1
- scsi bnx2fc: Fix FCP RSP residual parsing Maurizio Lombardi 1322279 1306342
- mm madvise: fix...

CVSS 7.2, AI score 0.4, EPSS 0.0015
Exploits: 0

RedhatCVE
added 2015/10/30 9:25 a.m., 24 views

CVE-2007-1883

PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain...

CVSS 7.8, AI score 7.2, EPSS 0.00506
Exploits: 1, References: 2

securityvulns
added 2014/12/29 12:00 a.m., 64 views

Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5

Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Advisory ID: SROEADV-2014-03 Author: Steffen Rösemann Affected Software: CMS Contenido 4.9.x-4.9.5 Release: 10th Dec 2014 Vendor URL: http://www.contenido.org/de/ Vendor Status: fixed CVE-ID: - ==========================...

AI score 6.1
Exploits: 0

Packet Storm
added 2014/12/24 12:00 a.m., 30 views

CMS Contenido 4.9.5 Cross Site Scripting

Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Advisory ID: SROEADV-2014-03 Author: Steffen Rösemann Affected Software: CMS Contenido 4.9.x-4.9.5 Release: 10th Dec 2014 Vendor URL: http://www.contenido.org/de/ Vendor Status: fixed CVE-ID: - ==========================...

Exploits: 0

Tenable Nessus
added 2011/05/27 12:00 a.m., 19 views

FreeBSD : drupal6 -- multiple vulnerabilities (1acf9ec5-877d-11e0-b937-001372fd0af2)

Drupal Team reports: A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. The issue can be mitigated by disabling on-scree...

AI score 5.2
Exploits: 0, References: 2