849 matches found
CVE-2024-54153
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter...
CVE-2024-54153
CVE-2024-54153 applies to JetBrains YouTrack versions prior to 2024.3.51866. Red Hat and other sources confirm an information disclosure where an unauthenticated database backup could be downloaded via a vulnerable query parameter. The issue stems from missing access control on that parameter...
Internet Bug Bounty: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
A possible ReDoS vulnerability was discovered in the query parameter filtering routines of Action Dispatch in Ruby on Rails. The vulnerability was assigned the CVE identifier CVE-2024-41128. Versions affected were less than 8.0.0.beta1. The issue was addressed in fixed versions 7.2.1.1, 7.1.4.1,...
PT-2024-9180 · Jetbrains · Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.51866 Description: The issue is related to the absence of an authorization procedure when handling a query parameter, allowing an unauthenticated database backup download. This could enable a remote...
PT-2024-39213 · WordPress · Mailmunch
Name of the Vulnerable Software and Affected Versions: The MailMunch – Grow your Email List plugin for WordPress versions up to, and including, 3.1.8 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL. This...
OESA-2024-2411 rubygem-actionpack security update
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests...
Interlib Library Cluster Automation Management System Injection Vulnerability
Interlib Library Cluster Automation Management System is a library cluster automation management system from Interlib. An injection vulnerability exists in Interlib Library Cluster Automation Management System 2.0.1 and earlier versions, which is caused by SQL injection in the parameter sql...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system of China Tongda TONGDA. TONGDA Office Anywhere has a SQL injection vulnerability, which originates from the querystr parameter of the /module/wordmodel/view/index.php page containing a SQL injection vulnerability...
TP-LINK MR200 Security Vulnerability
TP-LINK MR200 is a wireless router from China P&L TP-LINK. A security vulnerability exists in TP-LINK MR200 version 210201. It stems from a null pointer dereference in a query parameter and could lead to a denial of service by a local or remote unauthenticated attacker...
PT-2024-31797 · Sharp +1 · Sharp Mfps +1
Name of the Vulnerable Software and Affected Versions: Sharp and Toshiba Tec MFPs affected versions not specified Description: The issue is related to the improper processing of query parameters in HTTP requests, resulting in an Out-of-bounds Read. Crafted HTTP requests may cause the affected...
Regular Expression Denial Of Service (ReDoS)
Action Pack is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the improper handling of regular expressions in the query parameter filtering routines, allowing attackers to craft input that significantly delays processing and potentially leads to a Denial of...
DEBIAN-CVE-2024-41128
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters...
CVE-2024-41128
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters...
CVE-2024-41128 Action Dispatch has possible ReDoS vulnerability in query parameter filtering
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters...