122 matches found
CVE-2021-38263
Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix pack 10 allows remote attackers to inject arbitrary web script or HTML via the output of a script...
PT-2022-10703 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions prior to 7.3.2; Liferay DXP versions prior to 7.0 fix pack 101; Liferay DXP versions prior to 7.1 fix pack 20; Liferay DXP versions prior to 7.2 fix pack 10. Description: A cross-site scripting (XSS) issue exists in the Serv...
CVE-2018-25021
The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS)...
CVE-2021-25833
A file extension handling issue was found in server module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code executi...
EDK2 Code Issue Vulnerability
EDK2 is a set of cross-platform firmware development environments based on UEFI and PI specifications from the TianoCore community. Tianocore Edk2 is vulnerable to code issues affecting the following products and versions: Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Ubuntu...
The vulnerability of the Jenkins RapidDeploy Plugin’s connected server module is related to incorrect restrictions on XML links to external objects, allowing attackers to execute XXE attacks.
The vulnerability of the Jenkins RapidDeploy Plugin’s connected server module is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to execute an XXE attack remotely...
The vulnerability of the Jenkins RapidDeploy Plugin’s connected server module, related to the lack of security measures for the website structure, allows attackers to execute cross-site scripting attacks.
The vulnerability of the Jenkins RapidDeploy Plugin’s connected server module exists due to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
Design/Logic Flaw
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module (first 2 digits of serial number are '02' or before), RJ71PN92 PROFINET IO Controller Modul...
CVE-2020-5657
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module (first 2 digits of serial number are '02' or before), RJ71PN92 PROFINET IO Controller Modul...
Unspecified vulnerability in hubl-server module
The hubl-server module is a module for installing a hubl server. A security vulnerability exists in the hubl-server module that originates from a program using the HTTP protocol to download resources. An attacker can exploit this vulnerability to execute code on the system...
Code injection
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...
Node.js third-party modules: [m-server] Path Traversal allows to display content of arbitrary file(s) from the server
I would like to report Path Traversal in m-server module. It allows to read content of any arbitrary file from the server where m-server is installed and run. Module: module name: m-server; version: 1.4.0; npm page: https://www.npmjs.com/package/m-server. Module Description: M-Server is a mini http...
mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing
It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them...
subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers
An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash...
Null pointer dereference
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist...
CVE-2014-3580
CVE-2014-3580 affects the mod_dav_svn component of Apache Subversion (1.x) prior to 1.7.19 and 1.8.x prior to 1.8.11. A remote attacker can trigger a NULL pointer dereference via a REPORT request for a non-existent resource, causing a denial of service and server crash. Connected sources documen...
CVE-2014-8108
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist...