6727 matches found
httpd: Security issues via backend applications whose response headers are malicious or exploitable
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...
Zabbix security vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix versions 6.4.15 and 7.0.0rc2, which stems from the fact that an administrator with restricted...
CVE-2024-22116
CVE-2024-22116 affects Zabbix: an administrator with restricted permissions can abuse the Script Execution feature in the Monitoring Hosts section by exploiting the Ping script’s parameters, due to missing default escaping. This leads to arbitrary code execution and infrastructure compromise. Pub...
Microweber add_tagging_tagged.php file cross-site scripting vulnerability
Microweber is an open source online store management system from Microweber that provides drag-and-drop functionality. The system includes modules for adding products, images and more. Microweber version 2.0.16 has a cross-site scripting vulnerability, which stems from...
Microsoft Dynamics 365 (on-premises) cross-site scripting vulnerability (CNVD-2024-40538)
Microsoft Dynamics 365 is a suite of ERP business solutions for multinational organizations from Microsoft USA. It is used for financial management, production management and business intelligence management. Microsoft Dynamics 365 on-premises suffers from a cross-site scripting vulnerability tha...
K000140620: Apache HTTPD vulnerabilities CVE-2024-38474 and CVE-2024-38475
Security Advisory Description: CVE-2024-38474: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to b...
K000140618: Apache HTTPD vulnerability CVE-2024-38476
Security Advisory Description: The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60,...
PT-2024-5722 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE) (affected versions not specified). Description: The issue exists due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this...
microweber security vulnerability
Microweber is an open source online store management system from Microweber that provides drag-and-drop functionality. The system includes modules for adding products, images and more. Microweber version 2.0.16 has a cross-site scripting vulnerability, which stems from...
httpd: Substitution encoding issue in mod_rewrite
A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...
CVE-2024-41819 Note Mark has a stored XSS in the note link href attribute
Note Mark is a web-based Markdown notes app. A stored cross-site scripting (XSS) vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1...
Note Mark security vulnerability
Note Mark is a web-based Markdown note-taking application from the individual developer Leo Spratt. A security vulnerability exists in Note Mark version 0.13.0 and prior versions. An attacker could exploit this vulnerability to execute arbitrary web script by injecting a specially crafted payload...
Arbitrary Script Execution
anki is vulnerable to Arbitrary Script Execution. The vulnerability is due to inadequate validation and handling of flashcard content in the MPV functionality, allowing an attacker to send a malicious flashcard that can trigger arbitrary code execution...
httpd: Substitution encoding issue in mod_rewrite
A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...
httpd: Substitution encoding issue in mod_rewrite
A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...
GitLab Enterprise Edition and GitLab Community Edition security vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition and GitLab Community Edition have a security vulnerability. ...
CVE-2024-22444
A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a...
httpd: Substitution encoding issue in mod_rewrite
A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...
httpd: Substitution encoding issue in mod_rewrite
A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...
Hewlett Packard Enterprise EdgeConnect SD-WAN security vulnerability
Hewlett Packard Enterprise EdgeConnect SD-WAN is Hewlett Packard Enterprise's secure network foundation for Zero Trust and SASE. It includes best-in-class SD-WAN and next-generation firewalls that deliver unrivaled quality of experience and advanced security. A security vulnerability exists in...