Lucene search
K

124 matches found

RedHat Linux
RedHat Linux
added 2021/05/11 11:31 p.m.8 views

istio/istio: HTTP request with escaped slash characters can bypass authorization mechanisms

An authorization bypass flaw was found in Istio. This flaw allows an attacker to craft an HTTP request that defines a certain pattern of escaped characters in the URI path such as %2F, %2f, %5C, or %5c, allowing them to bypass the authorization service. The highest threat from this vulnerability ...

6.5CVSS5.8AI score0.01174EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2021/05/11 8:55 p.m.32 views

CVE-2021-31920

An authorization bypass flaw was found in Istio. This flaw allows an attacker to craft an HTTP request that defines a certain pattern of escaped characters in the URI path such as %2F, %2f, %5C, or %5c, allowing them to bypass the authorization service. The highest threat from this vulnerability ...

8.3CVSS3.6AI score0.68383EPSS
Exploits1References4
Hacker One
Hacker One
added 2021/02/19 7:33 p.m.44 views

CS Money: Blind Based SQL Injection in 3d.sc.money

Greetings, Hope Y'all good and fine! Summary: I found a Boolean Blind based SQL Injection in your website = 3d.cs.money It's a URI path injection. The vulnerability tested on the Original IP behind the CloudflareWAF and I've already reported this in my other report 1105673 The Affected URI :...

0.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/12/16 3:21 p.m.4 views

OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

4.3CVSS7.3AI score0.0217EPSS
Exploits0References4
OSV
OSV
added 2020/12/01 4:15 p.m.1 views

CVE-2020-28971

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths...

9.8CVSS7.4AI score0.03785EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/10/26 9:12 p.m.5 views

OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

4.3CVSS7.3AI score0.0217EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/10/26 8:2 p.m.4 views

OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

4.3CVSS7.3AI score0.0217EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/10/26 8:2 p.m.92 views

Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

5.8CVSS6.4AI score0.03713EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/10/22 4:13 p.m.5 views

OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

4.3CVSS7.3AI score0.0217EPSS
Exploits0References4
CNVD
CNVD
added 2020/09/27 12:0 a.m.4 views

Observium cross-site scripting vulnerability (CNVD-2020-62448)

Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to inject and store malicious JavaScript code via...

6.1CVSS6.5AI score0.007EPSS
Exploits1References1
Hacker One
Hacker One
added 2020/09/17 4:52 p.m.24 views

U.S. Dept Of Defense: RXSS Via URI Path - https://██████████/

Hello All I Found RXSS in your OWN Website Steps To Reproduce Go to This Link https://██████/Orders/A%22onerror='alert%60xElkomy%60'testabcd/Login.aspx?ReturnUrl=/Orders Browsers I test them on Firefox and Google Chrome. Fix:- Filter input on arrival Encode data on output Use appropriate response...

2.2AI score
Exploits0
Hacker One
Hacker One
added 2020/07/08 8:21 p.m.43 views

Mail.ru: Open Redirect at "city-mobil.ru"

Open redirection in city-mobil.ru via URI path with '@'...

2.5AI score
Exploits0
CNVD
CNVD
added 2020/03/20 12:0 a.m.2 views

Unspecified Vulnerability in ASUSWRT

ASUSWRT is a firmware from Asus Taiwan, China that runs in its routers. A security vulnerability exists in ASUSWRT version 3.0.0.4.384.20308. An attacker can exploit this vulnerability to cause a denial of service with the help of /APPInstallation.asp?= URI...

7.8CVSS6.7AI score0.01408EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2020/03/20 12:0 a.m.34 views

Python -- multiple vulnerabilities

Python reports: gh-95778: Converting between int and str in bases other than 2 binary, 4, 8 octal, 16 hexadecimal, or 32 such as base 10 decimal now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic...

7.5CVSS0.4AI score0.03379EPSS
Exploits0References1
CNVD
CNVD
added 2020/03/17 12:0 a.m.2 views

Kyocera ECOSYS M5526CDW Buffer Overflow Vulnerability (CNVD-2020-20975)

The Kyocera ECOSYS M5526CDW is a multifunction printer from Kyocera Japan. A buffer overflow vulnerability exists in the URI path of the Web application in the Kyocera ECOSYS M5526CDW version 2R72000.001.701, which can be exploited by an attacker to cause a denial of service and execute arbitrary...

10CVSS7.6AI score0.02653EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/02/15 7:35 p.m.38 views

Mail.ru: XSS

Reflected XSS in vseapteki.ru via URI path...

3.1AI score
Exploits0
Prion
Prion
added 2018/07/09 5:29 p.m.17 views

Directory traversal

Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and ...

6.4CVSS7.5AI score0.02632EPSS
Exploits3References2Affected Software32
0day.today
0day.today
added 2018/05/07 12:0 a.m.44 views

WordPress User Role Editor Plugin < 4.25 - Privilege Escalation Exploit

Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The WordPress...

0.3AI score
Exploits0
Prion
Prion
added 2017/04/11 3:59 p.m.18 views

Directory traversal

Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path...

6.8CVSS5.8AI score0.10704EPSS
Exploits4References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2016/06/16 12:0 a.m.24 views

Apache Jetspeed Portal URI Path Cross-Site Scripting (CVE-2016-0712)

A cross-site scripting vulnerability exists in Apache Jetspeed 2. The vulnerability is due to insufficient validation of the URI path. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to visit a crafted web site. Successful exploitation allows the...

4.3CVSS6.4AI score0.03203EPSS
Exploits1
Rows per page
Query Builder