726 matches found
Tornado Environment Issue Vulnerability
Tornado is a Python web framework and asynchronous networking library from the Tornado community. The library scales to thousands of open connections through the use of non-blocking network I/O, making it ideal for long polling, WebSockets, and other applications that require long-term...
Cloudbees Jenkins Cross-Site Scripting Vulnerability (CNVD-2021-03557)
Cloudbees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. A cross-site scripting vulnerabilit...
CVE-2021-21607
The CVE-2021-21607 issue affects Jenkins 2.274 and earlier, and Jenkins LTS 2.263.1 and earlier, where graph rendering URLs do not cap the maximum graph size. This can allow crafted or user-requested URLs to exhaust memory, potentially causing Jenkins to experience out-of-memory errors (DoS). A f...
Cloudbees Jenkins Cross-Site Scripting Vulnerability
Cloudbees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software version release/test projects and some timed tasks. A cross-site scripting...
Cloudbees Jenkins Cross-Site Scripting Vulnerability
Cloudbees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. A cross-site scripting vulnerabilit...
CVE-2020-15929
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...
CVE-2020-15928
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal...
CVE-2020-15792
A vulnerability has been identified in Desigo Insight All versions. The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack...
Web Cache Poisoning
Overview: rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and the software in between (the so-called middleware) into a singl...
Design/Logic Flaw
ORY Fosite is a security-first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback...
SQL Injection in untitled-model
All versions of untitled-model are vulnerable to SQL Injection. Query parameters are not properly sanitized, allowing attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: No fix is currently available. Consider using an alternative package until a fix is made availab...
GHSA-CRPM-FM48-CHJ7 SQL Injection in resquel
All versions of resquel are vulnerable to SQL Injection. Query parameters are not properly sanitized, allowing attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: No fix is currently available. Consider using an alternative package until a fix is made available...
SQL Injection in resquel
All versions of resquel are vulnerable to SQL Injection. Query parameters are not properly sanitized, allowing attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: No fix is currently available. Consider using an alternative package until a fix is made available...
OMERO.web Information Disclosure Vulnerability
OMERO.web is a client program from the Open Microscopy Environment team for viewing images on the OMERO server from a web browser. A security vulnerability exists in OMERO.web versions prior to 5.6.3, which arises when the program passes sensitive data elements, such as a session key, as URL quer...
CVE-2020-7932
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...
Path traversal
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...