104 matches found
Hiawatha security vulnerabilities
Hiawatha is a security web server developed by Hugo Leisink for Unix systems. This product can prevent attacks such as XSS, SQL injection, and CSRF, and it also offers server monitoring capabilities. Version 11.7 of Hiawatha contains a security vulnerability caused by improper header parsing. Thi...
CVE-2025-31994 HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS)
HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting XSS where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted...
JLSEC-2025-1 CR/LF injection in URIs.jl (also affects HTTP.jl)
Description The URIs.jl and HTTP.jl packages allowed the construction of URIs containing CR/LF characters. If user input was not otherwise escaped or protected, this can lead to a CRLF injection attack. With this simple Julia code, you can inject a custom header named Foo with the value bar: juli...
EUVD-2018-0639
Malware in sbrugna...
EUVD-2016-1317
Malware in sbrugna...
EUVD-2023-32977
Malicious code in bioql PyPI...
EUVD-2024-45978
Malicious code in bioql PyPI...
EUVD-2024-45977
Malicious code in bioql PyPI...
EUVD-2022-1446
Malicious code in bioql PyPI...
BIT-LIBPYTHON-2020-26116
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...
Dnn.Platform 跨站脚本漏洞
Dnn.Platform is an open source web content management platform CMS open sourced by Dnn Software. A cross-site scripting vulnerability exists in Dnn.Platform versions prior to 10.0.1, which stems from a specially crafted request injection script that could lead to a cross-site scripting attack...
CVE-2024-52944
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...
CVE-2024-29155
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked...
CVE-2024-52943
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...
CVE-2023-24497
Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...
CVE-2024-39785
Multiple command execution vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command...
CVE-2024-39788
Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration...
CVE-2024-52944
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...
CVE-2024-52944
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...
CVE-2024-52943
The connected sources provide concrete details for CVE-2024-52943: Veritas Enterprise Vault (pre-15.1 UPD882911) has an issue in the HTMLView endpoint where an authenticated remote attacker can inject a parameter into an HTTP request, causing Cross-Site Scripting (XSS) when viewing archived conte...