312 matches found
openSUSE 15 Security Update : lighttpd (openSUSE-SU-2022:0024-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0024-1 advisory. - In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes...
CVE-2021-24765
The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue...
OESA-2022-1491 lighttpd security update
Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more...
DEBIAN-CVE-2022-22707
In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as demonstrated by remote denial of service daemon crash in a non-default configuration. The non-default configuration requires handling of...
CVE-2022-22707
In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as demonstrated by remote denial of service daemon crash in a non-default configuration. The non-default configuration requires handling of...
ALPINE-CVE-2022-22707
In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as demonstrated by remote denial of service daemon crash in a non-default configuration. The non-default configuration requires handling of...
CVE-2022-22707
In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as demonstrated by remote denial of service daemon crash in a non-default configuration. The non-default configuration requires handling of...
UBUNTU-CVE-2022-22707
In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as demonstrated by remote denial of service daemon crash in a non-default configuration. The non-default configuration requires handling of...
Stack overflow
In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as demonstrated by remote denial of service daemon crash in a non-default configuration. The non-default configuration requires handling of...
CVE-2022-22707
In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as demonstrated by remote denial of service daemon crash in a non-default configuration. The non-default configuration requires handling of...
CVE-2022-22707
In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as demonstrated by remote denial of service daemon crash in a non-default configuration. The non-default configuration requires handling of...
CVE-2022-22707
In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as demonstrated by remote denial of service daemon crash in a non-default configuration. The non-default configuration requires handling of...
CVE-2021-38713
imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header...
imgurl跨站脚本漏洞
imgurl is a simple, pure graph bed program developed using PHP + SQLite 3. A cross-site scripting vulnerability exists in imgURL version 2.31, which allows attackers to trigger cross-site scripting via the X-Forwarded-For HTTP header...
Gin-Gonic Gin Environmental Vulnerabilities
Gin-Gonic Gin is a Go-based framework for rapidly building web applications from the Gin-Gonic team. github.com/gin-gonic/gin A security vulnerability exists in all versions, which stems from the ability to spoof a client's IP by setting the X-Forwarded-For header...
PT-2020-16997 · Sentrifugo · Sentrifugo
Name of the Vulnerable Software and Affected Versions: Sentrifugo version 3.2 Description: The issue allows for Stored Cross-Site Scripting XSS by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator views logs, the payload is executed. This...
PT-2020-16728 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.0 Description: The issue concerns the FileImporter extension, which failed to properly attribute user actions to a specific user's IP address. It would report the IP address of an internal server instead, by...
CVE-2020-19451
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via comjdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter...
Knock Knock Security Restriction Bypass Vulnerability
Pixel & Tonic Craft CMS is the United States Pixel & Tonic company's set of content management system CMS.Knock Knock is one of the access rights management plugin. A security vulnerability exists in Knock Knock versions prior to 1.2.8 for Pixel & Tonic Craft CMS. The vulnerability can be exploit...
TeamPass Information Disclosure Vulnerability
TeamPass is an open source password manager from the developers of NILS LAUMAILL? software. A security vulnerability exists in the REST API functionality in TeamPass version 2.1.27.36. An attacker can exploit the vulnerability to bypass IP address whitelisting restrictions with the help of the...