439 matches found

Github Security Blog
added 2022/05/13 1:12 a.m., 14 views

Moodle Arbitrary Redirect

Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer...

CVSS 5.8 | AI score 7 | EPSS 0.004
Exploits: 0 | References: 10 | Affected Software: 1

wpexploit
added 2022/03/21 12:00 a.m., 96 views

Easy Social Icons < 3.2.1 - Admin+ Stored Cross-Site Scripting in add icon

The plugin does not properly escape the imagefile field when adding a new social icon, allowing high privileged users to inject arbitrary JavaScript even when the unfiltered_html capability is disallowed. Version 3.2.0 addressed some of the issues, but was still vulnerable when clicking to edit the...

CVSS 4.8 | AI score 1.1 | EPSS 0.00206
Exploits: 2

CNVD
added 2022/03/03 12:00 a.m., 21 views

Jenkins GitLab Authentication Plugin User Redirection Vulnerability

Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. A user redirection vulnerability exists in Jenkins GitLab Authentication Plugin 1.13 and earlier versions, which stems fr...

CVSS 5.4 | AI score 1.5 | EPSS 0.00021
Exploits: 0 | References: 1

Github Security Blog
added 2022/02/16 12:01 a.m., 23 views

Open redirect vulnerability in Jenkins GitLab Authentication Plugin

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in. This...

CVSS 5.4 | AI score 2.2 | EPSS 0.00021
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2022/02/15 5:15 p.m., 18 views

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...

CVSS 5.4 | EPSS 0.00021
Exploits: 0 | References: 2

Prion
added 2022/02/15 5:15 p.m., 13 views

Authentication flaw

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...

CVSS 4.9 | AI score 5.3 | EPSS 0.00021
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2022/02/15 4:11 p.m., 142 views

CVE-2022-25196

CVE-2022-25196 affects the Jenkins GitLab Authentication Plugin (1.13 and earlier). The vulnerability arises because the plugin records the HTTP Referer header as part of the URL query parameters at the start of authentication, enabling an attacker with Jenkins access to craft a login URL that re...

CVSS 5.4 | AI score 5.6 | EPSS 0.00021
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/02/15 4:11 p.m., 14 views

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...

AI score 6.5 | EPSS 0.00021
Exploits: 0 | References: 2

OpenVAS
added 2022/02/13 12:00 a.m., 19 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1062)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 6.5 | AI score 6 | EPSS 0.00791
Exploits: 8 | References: 2

Tenable Nessus
added 2022/02/09 12:00 a.m., 46 views

AlmaLinux 8 : curl (ALSA-2021:4511)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4511 advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the...

CVSS 5.3 | AI score 6.8 | EPSS 0.00233
Exploits: 3 | References: 4

Tenable Nessus
added 2022/01/12 12:00 a.m., 62 views

Juniper Junos OS Multiple Vulnerabilities (JSA11289)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA11289 advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Refere...

CVSS 8.1 | AI score 7.6 | EPSS 0.00791
Exploits: 5 | References: 6

Source Incite
added 2021/09/23 12:00 a.m., 55 views

SRC-2021-0022 : Dedecms ShowMsg Template Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dedecms. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the rendering templates. The issue results from the lac...

AI score 7.7
Exploits: 0

Huntr
added 2021/08/21 4:39 p.m., 5 views

Cross-site Scripting (XSS) - Reflected in slackero/phpwcms

Description: Reflected XSS. Proof of Concept: `'HTTP-REFERER: ' . echo empty($ref) ? 'unknown' : $ref;` Impact: XSS bug...

AI score 2.1
Exploits: 0

OpenVAS
added 2021/07/01 12:00 a.m., 13 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2060)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 5.3 | AI score 5.5 | EPSS 0.00115
Exploits: 2 | References: 2

Tenable Nessus
added 2021/06/10 12:00 a.m., 33 views

SUSE SLES11 Security Update : curl (SUSE-SU-2021:14707-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:14707-1 advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in t...

CVSS 5.3 | AI score 6.7 | EPSS 0.00115
Exploits: 1 | References: 4

Github Security Blog
added 2021/06/08 8:12 p.m., 46 views

Server-Side Request Forgery in Feehi CMS

Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any URL, the server can make a request to it...

CVSS 9.1 | AI score 1.3 | EPSS 0.00292
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2021/06/08 8:12 p.m., 12 views

GHSA-GC45-J3M5-8QFQ Server-Side Request Forgery in Feehi CMS

Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any URL, the server can make a request to it...

CVSS 9.1 | AI score 9.2 | EPSS 0.00292
Exploits: 1 | References: 4

OpenVAS
added 2021/06/07 12:00 a.m., 26 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-1969)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 5.3 | AI score 5.5 | EPSS 0.00115
Exploits: 2 | References: 2

OSV
added 2021/05/24 8:15 p.m., 12 views

CVE-2021-30108

Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any URL, the server can make a request to it...

CVSS 9.1 | AI score 6.8
Exploits: 0 | References: 1

Prion
added 2021/05/24 8:15 p.m., 33 views

Server-side request forgery (SSRF)

Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any URL, the server can make a request to it...

CVSS 6.4 | AI score 9.1 | EPSS 0.00292
Exploits: 1 | References: 1 | Affected Software: 1