CVE-2024-10604

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances...

Strikingly CMS 安全漏洞

Strikingly CMS is a content publishing platform. A security vulnerability exists in Strikingly CMS that stems from the Strikingly JavaScript library parsing URL fragments to allow access to proto or constructor properties and object prototypes...

SUSE CVE-2012-2815

Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain...

CVE-2021-45484

In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG...

Envoy 安全漏洞

Envoy is an open source distributed proxy server. Envoy suffers from a security vulnerability that stems from incorrectly evaluating HTTP requests containing URI fragments when an authorization policy based on URI paths is specified. An attacker could use this vulnerability to bypass the...

The vulnerability of the Apache Traffic Server web server arises from the improper processing of URL fragments, allowing attackers to compromise the integrity of the protected information.

The vulnerability of the Apache Traffic Server web server is related to the improper processing of URL fragments. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...

CVE-2020-4640

Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make u...

CVE-2020-4640

Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make u...

Docsify.js 4.11.4 - Reflective Cross-Site Scripting

Exploit Title: Docsify.js 4.11.4 - Reflective Cross-Site Scripting Date: 2020-06-22 Exploit Author: Amin Sharifi Vendor Homepage: https://docsify.js.org Software Link: https://github.com/docsifyjs/docsify Version: 4.11.4 Tested on: Windows 10 CVE : CVE-2020-7680 docsify.js uses fragment identifie...

CVE-2020-7680

docsify prior to 4.11.4 is susceptible to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the // domain.com///attacker.com and render...

CVE-2020-7680

docsify prior to 4.11.4 is susceptible to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the // domain.com///attacker.com and render...

CVE-2020-7680

docsify prior to 4.11.4 is susceptible to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the // domain.com///attacker.com and render...

Cross-site Scripting (XSS)

Overview docsify is a magical documentation site generator. Affected versions of this package are vulnerable to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to...

KLA11204 Multiple vulnerabilities in Google Chrome

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities possibly to cause denial of service or spoof user interface. Below is a complete list of vulnerabilities: 1. Incorrect processing of AppMenifests can be exploited remotely to perfo...

CVE-2017-5075

Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page...

WordPress uDesign Theme Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports the PHP and MySQL servers to set up a personal blog site. uDesign aka U-Design is one of the theme plug-ins. A cross-site scripting vulnerability exists in WordPress...

Google Chrome Input Validation Vulnerability (CNVD-2015-03346)

Google Chrome on Android is a web browser developed by the American company Google Google for the Android platform. A security vulnerability exists in the android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java file in versions of Google Chrome prior to 43.0.2357.65 on the Android...

kernel: net: improve sequence number generation

The 1 IPv4 and 2 IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service disrupted networking or hijack network sessions by predicting...

kernel: net: improve sequence number generation

The 1 IPv4 and 2 IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service disrupted networking or hijack network sessions by predicting...

PT-2011-1066 · Suse +2 · Ext4Dev-Kmp-Trace +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.1 ext4dev-kmp-trace affected versions not specified Description: The issue concerns the Linux kernel's IPv4 and IPv6 implementations, which use a modified MD4 algorithm. This makes it easier for remote attacke...