Lucene search
K

122 matches found

Exploit DB
Exploit DB
added 2019/07/24 12:0 a.m.283 views

Trend Micro Deep Discovery Inspector IDS - Security Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-DEEP-DISCOVERY-INSPECTOR-PERCENT-ENCODING-IDS-BYPASS.txt + ISR: Apparition Security Vendor www.trendmicro.com Product Deep Discovery Inspector Deep Discovery...

7.4AI score
Exploits0
CNVD
CNVD
added 2019/01/18 12:0 a.m.3 views

MailEnable Trust Management Vulnerability

MailEnable is a suite of POP3 and SMTP mail servers from MailEnable Australia. A security vulnerability exists in MailEnable versions prior to 8.60. The vulnerability stems from AUTH.TAB incorrectly handling the '%0A' sequence after receiving a password change request. An attacker can exploit the...

9.8CVSS6.9AI score0.0248EPSS
Exploits1References1
NVD
NVD
added 2018/07/31 9:29 p.m.17 views

CVE-2016-8622

The URL percent-encoding decode function in libcurl before 7.51.0 is called curleasyunescape. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get...

9.8CVSS6.7AI score0.0467EPSS
Exploits0References9
Cvelist
Cvelist
added 2018/07/31 9:0 p.m.25 views

CVE-2016-8622

The URL percent-encoding decode function in libcurl before 7.51.0 is called curleasyunescape. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get...

3.7CVSS8.6AI score0.0467EPSS
Exploits0References9
OSV
OSV
added 2018/04/07 9:29 p.m.5 views

UBUNTU-CVE-2018-9846

In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "uid" parameter in an archive.php task=mail&mbox=INBOX&action=plugin.move2archive request to perform an MX IMAP injection attack by placing an IMAP...

8.8CVSS7.2AI score0.02289EPSS
Exploits0References7
OSV
OSV
added 2017/05/03 10:59 a.m.3 views

CVE-2016-10367

In Opsview Monitor Pro Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding...

7.5CVSS5.8AI score0.16109EPSS
Exploits1References1
Prion
Prion
added 2017/04/20 5:59 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal...

4.3CVSS6AI score0.01122EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2017/04/20 5:59 p.m.23 views

CVE-2016-6334

Cross-site scripting XSS vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal...

6.1CVSS6.9AI score0.01122EPSS
Exploits0References2
NVD
NVD
added 2017/04/20 5:59 p.m.16 views

CVE-2016-6334

Cross-site scripting XSS vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal...

6.1CVSS6AI score0.01122EPSS
Exploits0References4
OSV
OSV
added 2017/04/20 5:59 p.m.2 views

DEBIAN-CVE-2016-6334

Cross-site scripting XSS vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal...

6.1CVSS6.2AI score0.01122EPSS
Exploits0References1
CVE
CVE
added 2017/04/20 5:0 p.m.49 views

CVE-2016-6334

The CVE-2016-6334 issue affects MediaWiki and is caused by the Parser::replaceInternalLinks2 path, enabling XSS via improper handling of percent-encoded content in unclosed internal links. Affected versions include MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1. The vuln...

6.1CVSS6AI score0.01122EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2017/04/05 8:59 p.m.3 views

DEBIAN-CVE-2017-7443

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0ad regular expression...

6.1CVSS7AI score0.00714EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/11/07 12:0 a.m.51 views

Debian DSA-3705-1 : curl - security update

Several vulnerabilities were discovered in cURL, an URL transfer library : - CVE-2016-8615 It was discovered that a malicious HTTP server could inject new cookies for arbitrary domains into a cookie jar. - CVE-2016-8616 It was discovered that when re-using a connection, curl was doing case...

9.8CVSS7.3AI score0.05915EPSS
Exploits0References22
curl security advisories
curl security advisories
added 2016/11/02 8:0 a.m.6 views

URL unescape heap overflow via integer truncation

The URL percent-encoding decode function in libcurl is called curleasyunescape. Internally, even if this function would be made to allocate a destination buffer larger than 2GB, it would return that new length in a signed 32-bit integer variable, thus the length would get either truncated only or...

9.8CVSS7AI score0.0467EPSS
Exploits0Affected Software2
Check Point Advisories
Check Point Advisories
added 2014/10/23 12:0 a.m.1 views

JavaScript Percent-Encoding Obfuscation

Although various security products provide coverage against many web vulnerabilities, such as ActiveX exploits, these known exploits could potentially bypass security products by using JavaScript obfuscation techniques.An example of such a technique is percent-encoding, also known as URL encoding...

1.7AI score
Exploits0
OSV
OSV
added 2014/03/28 3:55 p.m.1 views

DEBIAN-CVE-2014-2525

Heap-based buffer overflow in the yamlparserscanuriescapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file...

6.8CVSS7.9AI score0.09264EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2011/05/23 12:0 a.m.4 views

PT-2011-3356 · Mediawiki · Mediawiki

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...

4.3CVSS5.3AI score0.02591EPSS
Exploits2References10
Positive Technologies
Positive Technologies
added 2008/02/08 12:0 a.m.6 views

PT-2008-1472 · Apache +1 · Apache Tomcat +1

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.36 Apache Tomcat versions 5.5.0 through 5.5.25 Apache Tomcat versions 6.0.0 through 6.0.14 Description: The issue arises from improper handling of double quote " characters or %5C encoded backslash...

5CVSS5.2AI score0.9444EPSS
Exploits9References78
Prion
Prion
added 2007/04/03 12:19 a.m.13 views

Design/Logic Flaw

web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files 1 via a crafted filename or 2 by "using percent encoding in forms."...

5CVSS6.7AI score0.01222EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2007/04/03 12:0 a.m.47 views

CVE-2007-1832

The CVE-2007-1832 vulnerability affects web-app.org WebAPP prior to version 0.9.9.6. It allows remote authenticated users to upload certain files through two vectors: (1) via a crafted filename and (2) by using percent encoding in forms. The available sources describe the issue and confirm the up...

5CVSS6.2AI score0.01222EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder