515 matches found
RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack
A cross-site scripting XSS flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...
XSS in Django
An issue was discovered in Django version 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
Design/Logic Flaw
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
CVE-2020-13596
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
Django -- multiple vulnerabilities
Django security release reports: CVE-2020-13254: Potential data leakage via malformed memcached keys In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability,...
RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack
A cross-site scripting XSS flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...
CVE-2020-11821
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them...
CVE-2020-11821
The CVE-2020-11821 entry concerns Rukovoditel 2.5.2, where usernames and passwords are stored in cookies using URL encoding, base64 encoding, and hashing. The root cause is insecure credential handling in cookies, enabling an attacker to perform brute-force attacks to recover credentials. The con...
DEBIAN-CVE-2019-12524
An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is...
UBUNTU-CVE-2019-12524
An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is...
CVE-2019-12524
CVE-2019-12524 concerns Squid up to version 4.7 where the Cache Manager block relies on a url_regex rule that decodes incoming requests. An attacker can craft an encoded URL to bypass the url_regex check and access the blocked Cache Manager resource. Affects Squid’s request handling path and deco...
Denial Of Service
LibreOffice is vulnerable to denail of service DoS. It is possible because of an insufficient URL encoding flaw in allowed script location check...
RHEL 7 : libreoffice (RHSA-2020:1151)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1151 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...
CVE-2020-10688
A cross-site scripting XSS flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...
Ruby on Rails: Missing resource identifier encoding may lead to security vulnerabilities
I initially submitted this to the GitHub repository because the ActiveResource repository is not listed in scope. I was redirected here by @rafaelfranca A number of methods in the ActiveResource library, such as ActiveResource::Basefind and ActiveResource::Baseexists? don't URL encode the resourc...
DEBIAN-CVE-2014-4650
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...
CVE-2014-4650
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...
CVE-2014-4650
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...
Directory traversal
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...
CVE-2014-4650
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...