
6262 matches found

NVD
added 2023/09/21 3:15 p.m. | 42 views

CVE-2023-42457

plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less...

7.5 CVSS | 7.4 AI score | 0.00822 EPSS
Exploits: 0 | References: 4

GithubExploit
added 2023/09/16 7:47 p.m. | 16 views

Exploit for HTTP Request Smuggling in F5 Nginx

CVE-2019-20372 This repository is for educational purposes o...

5.3 CVSS | 7.1 AI score | 0.14961 EPSS
Exploits: 3

Photon
added 2023/08/24 12:0 a.m. | 48 views

Critical Photon OS Security Update - PHSA-2023-5.0-0078

Updates of 'libarchive', 'nginx', 'grpc' packages of Photon OS have been released...

9.8 CVSS | 6.6 AI score | 0.01936 EPSS
Exploits: 0

NVD
added 2023/08/22 7:16 p.m. | 17 views

CVE-2020-21699

The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests...

7.5 CVSS | 7.5 AI score | 0.00663 EPSS
Exploits: 0 | References: 1

OSV
added 2023/08/22 7:16 p.m. | 25 views

CVE-2020-21699

The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests...

7.5 CVSS | 6.9 AI score
Exploits: 0 | References: 1

UbuntuCve
added 2023/08/22 7:16 p.m. | 58 views

CVE-2020-21699

The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests...

7.5 CVSS | 7.1 AI score | 0.00663 EPSS
Exploits: 0 | References: 2

Prion
added 2023/08/22 7:16 p.m. | 27 views

Integer overflow

The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests...

5 CVSS | 7.5 AI score | 0.00663 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2023/08/22 6:6 p.m. | 22 views

GHSA-7CH3-7PP7-7CPQ Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users

Impact: This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/api API explorer endpoint could reveal the names of both databases an...

5.3 CVSS | 5.2 AI score | 0.00464 EPSS
Exploits: 0 | References: 5

Vulnrichment
added 2023/08/22 12:0 a.m. | 15 views

CVE-2020-21699

The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests...

7 AI score | 0.00663 EPSS
Exploits: 0 | References: 1

CVE
added 2023/08/22 12:0 a.m. | 94 views

CVE-2020-21699

CVE-2020-21699 affects Tengine 2.2.2 (built on Nginx) and Nginx 0.5.6–1.13.2, caused by an integer overflow in the nginx range filter module that leads to leakage of potentially sensitive information via specially crafted requests. Impact: information disclosure. Mitigation: upgrade to a non-vuln...

7.5 CVSS | 7.5 AI score | 0.00663 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2023/08/15 7:15 p.m. | 4 views

CVE-2023-4334

Broadcom RAID Controller Web server nginx is serving private files without any authentication...

7.5 CVSS | 5.8 AI score | 0.00506 EPSS
Exploits: 0 | References: 2

CVE
added 2023/08/15 6:25 p.m. | 56 views

CVE-2023-4335

The CVE-2023-4335 issue affects the Broadcom RAID Controller Web server (nginx) on Linux, where private server-side files are served without authentication due to a flaw in access control. Impact is exposure of confidential information; CVSS base score 7.5 (HIGH) with network attack vector and no...

7.5 CVSS | 7.7 AI score | 0.00493 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/08/15 6:25 p.m. | 27 views

CVE-2023-4334 Broadcom RAID Controller Web server (nginx) is serving private files without any authentication

Broadcom RAID Controller Web server nginx is serving private files without any authentication...

7.9 AI score | 0.00506 EPSS
Exploits: 0 | References: 1

CVE
added 2023/08/15 6:25 p.m. | 41 views

CVE-2023-4334

The CVE-2023-4334 issue affects Broadcom RAID Controller Web server (nginx); the vulnerability arises because the web server serves private files without requiring authentication, enabling exposure of private data over the network. Public sources in the connected documents corroborate that unauth...

7.5 CVSS | 7.7 AI score | 0.00506 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2023/08/09 12:0 a.m. | 4 views

PT-2023-26967 · Nginx +1

Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server, affected versions not specified. Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing...

8.8 CVSS | 6.7 AI score | 0.01252 EPSS
Exploits: 0 | References: 4

Zero Day Initiative
added 2023/08/09 12:0 a.m. | 18 views

(0Day) (Pwn2Own) Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the web...

6.6 CVSS | 7.3 AI score | 0.01252 EPSS
Exploits: 0

Github Security Blog
added 2023/07/25 5:49 p.m. | 33 views

copyparty vulnerable to reflected cross-site scripting via k304 parameter

Summary: The application contains a reflected cross-site scripting via URL-parameter ?k304=... and ?setck=... Details: A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the application that could allow an attacker to execute malicious JavaScript code by tricking user...

6.3 CVSS | 6.1 AI score | 0.06195 EPSS
Exploits: 3 | References: 7 | Affected Software: 1

Github Security Blog
added 2023/07/21 8:20 p.m. | 36 views

copyparty vulnerable to reflected cross-site scripting via hc parameter

Summary: The application contains a reflected cross-site scripting via URL-parameter ?hc=... Details: A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the application that could allow an attacker to execute malicious JavaScript code by tricking users into accessing ...

6 AI score
Exploits: 0 | References: 4 | Affected Software: 1

GithubExploit
added 2023/07/20 5:39 a.m. | 725 views

Exploit for Off-by-one Error in F5 Nginx

CVE-2021-23017...

7.7 CVSS | 7 AI score | 0.52838 EPSS
Exploits: 10

Packet Storm
added 2023/07/20 12:0 a.m. | 252 views

PimpMyLog 1.7.14 Improper Access Control

Exploit Title: PimpMyLog v1.7.14 - Improper access control; Date: 2023-07-10; Exploit Author: thoughtfault; Vendor Homepage: https://www.pimpmylog.com/; Software Link: https://github.com/potsky/PimpMyLog; Version: 1.5.2-1.7.14; Tested on: Ubuntu 22.04; CVE: N/A; Description: PimpMyLog suffers from...

7.1 AI score
Exploits: 0