177 matches found

OSV
added 2024/11/25 3:32 p.m. · 14 views

GHSA-MH2X-FCQH-FMQV @sveltejs/kit has unescaped error message included on error page

Summary The static error.html template for errors contains placeholders that are replaced without escaping the content first. Details From https://kit.svelte.dev/docs/errors: error.html is the page that is rendered when everything else fails. It can contain the following placeholders:...

CVSS 4.2 · AI score 6.7 · EPSS 0.00193
Exploits: 1 · References: 7

Github Security Blog
added 2024/11/18 12:30 p.m. · 26 views

Apache Tomcat - Authentication Bypass

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...

CVSS 9.8 · AI score 8.3 · EPSS 0.01982
Exploits: 1 · References: 9 · Affected Software: 1

Packet Storm
added 2024/09/01 12:00 a.m. · 145 views

Simple Web Server 2.3-RC1 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Simple Web Server 2.3-RC1 Directory Traversal', 'Description' => %q This module exploits a directory traversal vulnerability found in Simple Web...

CVSS 5 · AI score 7.1 · EPSS 0.59336
Exploits: 2

NVD
added 2024/07/18 6:15 p.m. · 8 views

CVE-2024-30125

HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die...

CVSS 6.2 · EPSS 0.00088
Exploits: 0 · References: 1

Cvelist
added 2024/07/18 5:59 p.m. · 12 views

CVE-2024-30125 HCL BigFix Compliance is affected by an internal server error

HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die...

CVSS 6.2 · EPSS 0.00088
Exploits: 0 · References: 1

Kitploit
added 2024/04/27 4:55 p.m. · 29 views

Url-Status-Checker - Tool For Swiftly Checking The Status Of URLs

Status Checker is a Python script that checks the status of one or multiple URLs/domains and categorizes them based on their HTTP status codes. Version 1.0.0 Created BY BLACK-SCORP10 t.me/BLACK-SCORP10 Features Check the status of single or multiple URLs/domains. Asynchronous HTTP requests for...

AI score 7.2
Exploits: 0 · References: 3

OSV
added 2024/04/12 11:07 a.m. · 5 views

OESA-2024-1452 mod_http2 security update

mod_http2 is an official Apache httpd module, first released in 2.4.17. See Apache downloads to get a released version. mod_proxy_http2 has been released in 2.4.23. Security Fixes: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTT...

CVSS 7.5 · AI score 6.9 · EPSS 0.87555
Exploits: 2 · References: 2

GithubExploit
added 2024/03/20 1:48 p.m. · 847 views

Exploit for CVE-2023-22622

DoS WP-Cron - CVE-2023-22622 Exploit PoC Overview This re...

CVSS 5.3 · AI score 6.9 · EPSS 0.08419
Exploits: 1

Veracode
added 2024/02/05 11:10 a.m. · 18 views

Insertion Of Sensitive Information Into Log File

github.com/elastic/beats is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is caused due to logging the raw event object in the WARN and ERROR level if the ingesting failed with any 4XX HTTP status code except 409 or 209. This can lead to insertion of sensitive ...

CVSS 6.8 · AI score 6.6 · EPSS 0.00444
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2024/01/09 3:30 a.m. · 17 views

GHSA-93P6-9CXV-5RPQ juzawebCMS Incorrect Access Control vulnerability

juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...

CVSS 4.9 · AI score 4.9 · EPSS 0.0013
Exploits: 1 · References: 3

NVD
added 2024/01/09 1:15 a.m. · 9 views

CVE-2023-46906

juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...

CVSS 4.9 · AI score 5 · EPSS 0.0013
Exploits: 1 · References: 2

OSV
added 2024/01/09 1:15 a.m. · 7 views

CVE-2023-46906

juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...

CVSS 4.9 · AI score 5.1
Exploits: 0 · References: 2

Prion
added 2024/01/09 1:15 a.m. · 16 views

Improper access control

juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...

CVSS 3.3 · AI score 7 · EPSS 0.0013
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2024/01/09 12:00 a.m. · 14 views

CVE-2023-46906

juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...

AI score 5.3 · EPSS 0.0013
Exploits: 1 · References: 2

RedHat Linux
added 2023/12/14 4:30 p.m. · 1 view

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

CVSS 4.2 · AI score 7.2 · EPSS 0.00056
Exploits: 0 · References: 7

Prion
added 2023/12/12 7:15 p.m. · 14 views

Default credentials

An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...

CVSS 4 · AI score 6.9 · EPSS 0.00444
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/12/12 12:00 a.m. · 3 views

PT-2023-31411 · Elastic · Agent +2

Name of the Vulnerable Software and Affected Versions: Beats versions prior to 7.17.16; Beats versions prior to 8.11.3; Elastic Agent versions prior to 7.17.16; Elastic Agent versions prior to 8.11.3. Description: An issue was discovered whereby Beats and Elastic Agent would log a raw event in its ow...

CVSS 6.8 · AI score 6.5 · EPSS 0.00444
Exploits: 0 · References: 10

F5 Networks
added 2023/02/21 7:53 p.m. · 29 views

K15939: pl_tree.php XSS vulnerability CVE-2014-9342

Security Advisory Description: Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation...

CVSS 4.3 · AI score 5.8 · EPSS 0.00304
Exploits: 0 · Affected Software: 1

SUSE CVE
added 2023/02/15 4:22 a.m. · 1 view

SUSE CVE-2018-19115

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap...

CVSS 7.1 · AI score 7.9 · EPSS 0.05411
Exploits: 0 · References: 3

OSV
added 2022/12/26 10:15 p.m. · 18 views

CVE-2019-19030

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...

CVSS 5.3 · AI score 6.9
Exploits: 0 · References: 1