183 matches found
CVE-2023-28022
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...
CVE-2023-28022
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...
CVE-2023-28022
CVE-2023-28022 affects HCL Connections and is described as an information-disclosure vulnerability caused by improper handling of request data. The NVD entry assigns CVSS v3.1 base score 6.5 (Medium) with Network attack vector, Low attack complexity, Privileges required: Low, User interaction: No...
CVE-2023-28022 HCL Connections is vulnerable to sensitive information disclosure
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...
HCL Technologies HCL Connections Security Breach
HCL Technologies HCL Connections is a suite of enterprise collaboration platforms from US-based HCL Technologies. HCL Connections suffers from a security vulnerability that stems from susceptibility to an information disclosure vulnerability that could allow users to obtain sensitive information ...
GHSA-XFV5-JQGP-VQHJ Quarkus Cache Runtime exposes sensitive information to an unauthorized actor
A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contain...
PHPJabbers Appointment Scheduler 3.0 Missing Rate Limiting
Exploit Title: PHPJabbers Apointment Scheduler v3.0 - No Rate Limit in Email Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/appointment-scheduler/ Version: v3.0 Tested on: Windows...
PHPJabbers Time Slots Booking Calendar 4.0 Missing Rate Limiting
Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - No Rate Limit in Email Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/ Version: v4.0 Tested...
python-werkzeug: high resource usage when parsing multipart form data with many fields
A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...
GaatiTrack Courier Management System 1.0 Cross Site Scripting Vulnerability
Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple Cross-site scripting Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php...
PT-2023-31538 · Camera · Camera
Name of the Vulnerable Software and Affected Versions: Camera affected versions not specified Description: A flaw has been discovered that allows for authenticated command injection on the camera. An attacker could inject malicious data into request packets to execute commands. Recommendations: A...
DEBIAN-CVE-2023-42795
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...
Apache Tomcat Security Vulnerability
Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server . Used to implement support for Servlet and JavaServer Page JSP. A security vulnerability exists in Apache Tomcat, which stems from a security hole when recycling internal objects, leading to the...
PT-2023-6629 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions 4.2.0-beta1 through 4.2.0-rc1 Description: The issue is related to insufficient request validation on the server side, allowing attackers to inject arbitrary data into HTTP requests issued by Mastodon. This can be used to...
python-werkzeug: high resource usage when parsing multipart form data with many fields
A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...
python-werkzeug: high resource usage when parsing multipart form data with many fields
A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...
python-werkzeug: high resource usage when parsing multipart form data with many fields
A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...
keycloak: user impersonation via stolen uuid code
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issu...
SUSE CVE-2008-4308
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request...
SUSE CVE-2013-2071
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other application...