19 matches found
PT-2023-13726 · Kiali · Kiali
Name of the Vulnerable Software and Affected Versions: Kiali (affected versions not specified)
Description: A content spoofing issue was found in Kiali, where it does not implement error handling when the page or endpoint being accessed cannot be found. This allows an attacker to perform arbitrary...
SUSE CVE-2019-3498
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing in a 404 error page if a user fails to recognize th...
Opening 404 page (page not found) without user session will open 404 page instead of opening login page.
h3. Issue Summary
Opening a random page on Crowd with a user that is not authenticated will display "Page not found" 404 page instead of the login page.
h3. Steps to Reproduce
Make sure you are not logged in. Try to open BaseURL/ABC
h3. Expected Results
As you do not have session information you...
GHSA-337X-4Q8G-PRC5 Improper Input Validation in Django
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing in a 404 error page if a user fails to recognize th...
DEBIAN-CVE-2019-3498
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing in a 404 error page if a user fails to recognize th...
PYSEC-2019-87
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing in a 404 error page if a user fails to recognize th...
PYSEC-2019-17
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing in a 404 error page if a user fails to recognize th...
PT-2019-1680 · Django Software Foundation +2 · Django +2
Name of the Vulnerable Software and Affected Versions:
Django versions 1.11.x through 1.11.17
Django versions 2.0.x through 2.0.9
Django versions 2.1.x through 2.1.4
Description: The issue is related to insufficient neutralization of special elements in output used by a downstream component. This...
HackerOne: Know whether private program for company exist or not
Hi, There are some companies which are hosting private BB on HackerOne which are not visible unless they invite you. However, you can check if any company is hosting private BB on HackerOne or not if you can guess the username they use. Generally most companies choose the same name as their company...
Error: "HTTP 404 Not Found" When Accessing StoreFront Through NetScaler Gateway
After you enter your credentials on the NetScaler Gateway login page, the following error is displayed: HTTP 404 Page Not Found...
TYPO3 '404 Page not found handling' extension cross-site scripting vulnerability
TYPO3 is a free and open source content management system. '404 Page not found handling' is an extension plugin for it. A cross-site scripting vulnerability exists in the TYPO3 '404 Page not found handling' extension that allows remote attackers to exploit the vulnerability to...
Code injection
The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found 404 page...
Uzbey: SQL Injection
https://staging.uzbey.com/rotate-image?fid=2841+and+substringversion,1,1=4 FALSE https://staging.uzbey.com/rotate-image?fid=2841+and+substringversion,1,1=5 TRUE https://staging.uzbey.com/rotate-image?fid=2841+and+1=1+order+by+1-- TRUE...
CVE-2009-0466
Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response...
CVE-2009-0466
CVE-2009-0466 is an XSS vulnerability in Vivvo CMS prior to 4.1.1. The issue allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response. Affected software is Vivvo CMS versions before 4.1.1; exact root cause or vulnerable component is desc...
PHP-Fusion 6.1.5 Mod Calendar_Panel - Show_Event.php SQL Injection
PHP-Fusion 6.1.5 Mod Calendar_Panel - Show_Event.php SQL Injection
source: https://www.securityfocus.com/bid/23225/info
PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could all...