139 matches found
CVE-2020-3502
Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web...
Debian: Security Advisory (DLA-2038-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
VulnCheck KEV: CVE-2005-0862
Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbbrootpath parameter to 1 pocloginform.php or 2 phpbb/poc.php, the pocrootpath parameter to 3 phpbb/poc.php, 4...
GHSA-V596-FWHQ-8X48 Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
spring-framework: Improper URL path validation allows for bypassing of security checks on static resources
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
CVE-2018-1199
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
Security feature bypass
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
UBUNTU-CVE-2018-1199
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
DEBIAN-CVE-2018-1199
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
CVE-2018-1199
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
CVE-2018-1199
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
CVE-2018-1199
CVE-2018-1199 affects Spring Security (4.1.x before 4.1.5, 4.2.x before 4.2.4, 5.0.x before 5.0.1) and Spring Framework (4.3.x before 4.3.14, 5.0.x before 5.0.3). The issue is that URL path parameters are not consistently handled when evaluating security constraints, allowing an attacker to bypas...
CVE-2018-1199
Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...
Arbitrary File Deletion Vulnerability in Rice CMS v5.9.9 (CNVD-2018-03743)
DAMI CMS is a free open-source, fast, simple PC station and cell phone station integration integration system, is committed to providing users with simple, fast PC station and smartphone station building solutions. An arbitrary file deletion vulnerability exists in Daimi CMS v5.9.9, which is due ...
Security Constraint Bypass
spring-security-web and spring-web are vulnerable to security bypass with static resources. Spring uses the output of getPathInfo when mapping security constraints and requests. It is not standardized whether the path parameters should be included in the value from getPathInfo. Using this...
DEBIAN-CVE-2017-7559
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...
UBUNTU-CVE-2017-7559
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...
undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)
It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...
undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)
It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...
undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)
It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...