Lucene search
K

124 matches found

Prion
Prion
added 2023/12/22 9:15 p.m.17 views

Path traversal

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...

1.7CVSS7.2AI score0.00376EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/12/22 9:15 p.m.3 views

UBUNTU-CVE-2023-51651

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...

6CVSS6AI score0.00376EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/12/22 9:3 p.m.48 views

CVE-2023-51651 Potential URI resolution path traversal in the AWS SDK for PHP

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...

6CVSS6.2AI score0.00376EPSS
Exploits0References3
OSV
OSV
added 2023/12/22 9:3 p.m.50 views

CVE-2023-51651 Potential URI resolution path traversal in the AWS SDK for PHP

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...

6CVSS5.4AI score0.00881EPSS
Exploits1References5
OSV
OSV
added 2023/12/21 11:16 p.m.59 views

GHSA-557V-XCG6-RM5M Potential URI resolution path traversal in the AWS SDK for PHP

Impact Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in thebuildEndpoint method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The buildEndpoint method relies on the Guzz...

6CVSS4.8AI score0.00881EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2023/12/21 11:16 p.m.26 views

Potential URI resolution path traversal in the AWS SDK for PHP

Impact Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in thebuildEndpoint method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The buildEndpoint method relies on the Guzz...

6CVSS6.6AI score0.00376EPSS
Exploits0References6Affected Software1
Hacker One
Hacker One
added 2023/11/28 5:25 p.m.22 views

Mars: Blind SQL Injection on █████ via URI Path

The vulnerability involved a time-based SQL injection attack on the target system via the URI path. The attack capitalized on vulnerabilities in the application's interactions with the database, allowing the attacker to extract information by purposefully delaying database processing and observin...

8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.22 views

Fedora 39 : pypy3.10 (2023-ddde191e04)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ddde191e04 advisory. Automatic update for pypy3.10-7.3.12-1.3.10.fc39. Changelog Wed Jul 26 2023 Miro Hronok - 7.3.12-1.3.10 - Initial PyPy 3.10 package Wed Jul 26 2023...

8CVSS7.5AI score0.20459EPSS
Exploits4References4
Veracode
Veracode
added 2023/09/18 11:45 a.m.20 views

Cross Site Scripting (XSS)

cecilapp/cecil is vulnerable to Reflected Cross-site Scripting XSS. The vulnerability is caused by not sanitizing and escaping special characters in the request URI path for the Cecil site generated by cecil serve when 404.html is not configured. This can lead to unauthenticated remote attackers...

6.1CVSS6.7AI score0.00446EPSS
Exploits1References4Affected Software1
Huntr
Huntr
added 2023/09/07 12:33 p.m.20 views

Reflected Cross-Site Scripting (XSS) vulnerability in the dynamic 404 page

Description When running a Cecil site by cecil serve without a 404.html, Reflected Cross-Site Scripting XSS is possible via the URI path. Proof of Concept Run the following commands: mkdir cecil-404-xss-poc cd cecil-404-xss-poc curl -L https://cecil.app/cecil.phar -o cecil chmod +x cecil ./cecil...

5.8CVSS5.9AI score0.00446EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2023/07/31 9:33 a.m.4 views

OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

3.7CVSS6.9AI score0.01036EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/07/20 1:6 p.m.6 views

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

3.7CVSS7.2AI score0.01316EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/07/20 12:19 p.m.6 views

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

3.7CVSS7.2AI score0.01316EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/07/20 12:18 p.m.5 views

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

3.7CVSS7.2AI score0.01316EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/07/20 12:11 p.m.6 views

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

3.7CVSS7.2AI score0.01316EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/07/19 5:29 p.m.6 views

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

3.7CVSS7.2AI score0.01316EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/07/19 5:29 p.m.4 views

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

3.7CVSS7.2AI score0.01316EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/07/19 5:28 p.m.4 views

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

3.7CVSS7.2AI score0.01316EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/07/19 5:27 p.m.5 views

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

3.7CVSS7.2AI score0.01316EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/07/19 5:24 p.m.5 views

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

3.7CVSS7.2AI score0.01316EPSS
Exploits0References4
Rows per page
Query Builder