Lucene search
K

29 matches found

Cvelist
Cvelist
added 2020/03/12 1:5 p.m.30 views

CVE-2020-10454

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/sitemap-generator.php by adding a question mark ? followed by the payload...

5AI score0.00733EPSS
Exploits2References2
Cvelist
Cvelist
added 2020/03/12 1:4 p.m.20 views

CVE-2020-10441

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/report-article-monthly.php by adding a question mark ? followed by the payload...

5AI score0.00611EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/03/12 1:4 p.m.31 views

CVE-2020-10424

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-fields.php by adding a question mark ? followed by the payload...

5AI score0.00611EPSS
Exploits1References2
CVE
CVE
added 2020/03/12 1:4 p.m.48 views

CVE-2020-10410

The CVE-2020-10410 entry corresponds to a Reflected XSS in Chadha PHPKB Standard Multi‑Language 9, triggered by manipulating URIs in admin/header.php to influence admin/edit-user.php (and related admin pages per connected RH records). Red Hat CVE records RH:CVE-2020-10410, RH:CVE-2020-10391, and ...

4.8CVSS4.9AI score0.00611EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2018/09/11 7:53 a.m.5 views

async-http-client: Invalid URL parsing with '?'

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

7.5CVSS7.3AI score0.03046EPSS
Exploits0References4
OSV
OSV
added 2017/10/05 12:0 a.m.4 views

UBUNTU-CVE-2017-13720

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...

7.1CVSS6.8AI score0.00442EPSS
Exploits0References3
OSV
OSV
added 2016/12/22 9:59 p.m.1 views

DEBIAN-CVE-2016-9179

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host...

7.5CVSS6.8AI score0.01987EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2012/03/19 7:55 p.m.3 views

CVE-2012-1464

Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party informatio...

5CVSS5.6AI score0.03368EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2005/12/20 2:46 p.m.10 views

security flaw

Multiple off-by-one errors in the cURL library libcurl 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that 1 are malformed in a way that prevents a terminating null byte from being added to...

4.6CVSS6AI score0.00516EPSS
Exploits0References4
Rows per page
Query Builder