515 matches found
DEBIAN-CVE-2016-8622
The URL percent-encoding decode function in libcurl before 7.51.0 is called curl_easy_unescape. Internally, even if this function would be made to allocate an unescape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get...
CVE-2016-8622
The URL percent-encoding decode function in libcurl before 7.51.0 is called curl_easy_unescape. Internally, even if this function would be made to allocate an unescape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get...
Serve Information Disclosure Vulnerability
serve is an HTTP server for deploying single page applications. A security vulnerability exists in serve, which stems from the program not handling URL encoding correctly. The vulnerability can be exploited to disclose information via directory listings...
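phpMyAdmin 4.8.1 admin panel getshell
The latest version downloaded from the official site; the file name is phpMyAdmin-4.8.1-all-languages.zip. The problem is in /index.php. Look at lines 55-63: line 61 contains include $_REQUEST['target']; which is clearly a precursor to LFI, so we only need to get past the restrictions on lines 55-59. Line 57 requires that the target parameter not begin with index. Line 58 requires that the target parameter not appear in $target_blacklist. Find the definition of $target_blacklist: it is on line 50 of /index.php. As long as the target parameter is not import.php or export.php...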
CVE-2017-7814
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks through the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise ...
CVE-2018-3718
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...
Code injection
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...
CVE-2018-3718
CVE-2018-3718 affects the serve node module and is caused by improper handling of URL encoding, which can permit access to ignored/restricted files when a filename is URL encoded. Connected advisories/documentation (GHSA-5RC4-8QQH-VQ7F; OSV, NVD/CVE record) describe this as a directory traversal-...
CVE-2017-16224
st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 redirect to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a...
CVE-2017-0370
CVE-2017-0370 relates to MediaWiki and is caused by a failure of the spam blacklist to block encoded URLs in the file inclusion syntax’s link parameter. Affected software is MediaWiki versions prior to 1.28.1, 1.27.2, and 1.23.16. The impact is that encoded URLs can bypass the blacklist, potentia...
Node.js third-party modules: [serve] Directory listing and File access even when they have been set to be ignored.
Module: - Name: serve - Version: latest 6.4.9 - Link: https://www.npmjs.com/package/serve Description: The serve module allows directory browsing and serving static files through the browser. The config option ignore can be used to tell the module which file or directory are forbidden and shoul...
Cross-site Scripting (XSS)
Apache Sling XSS is vulnerable to cross-site scripting (XSS) attacks. The application does not properly encode or escape URLs, allowing a malicious user to inject and execute arbitrary JavaScript...
Code injection
A flaw in the way URLs are escaped and encoded in org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows specially crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API...
CVE-2017-15717
CVE-2017-15717 involves a flaw in URL escaping/encoding in the Apache Sling XSS Protection API. The issue resides in org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref, allowing specially crafted URLs to pass as valid despite carrying XSS pay...
Valve: Link filter protection bypass
Description Hi, there is a protection bypass in the linkfilter function. By using the character 。 %E3%80%82 url encoded instead of a normal dot in urls, it is possible to bypass the blocking. PoC Normal request : https://steamcommunity.com/linkfilter/?url=pornhub.com F240919 Bypass :...
Starbucks: Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486)
Hi guys, I am now able to prove my concerns from 227486 see my last comment. "s are still not correctly encoded when rendered into the page in the element on almost any https://starbucks.co.uk/ page. The WAF is bypassed by encoding "s as %2522 in the URL path. This won't work when the payload is...
CVE-2017-8760
An issue was discovered on Accellion FTA devices before FTA912180. There is XSS in courier/1000@/index.html with the authparams parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads,...
Cross site scripting
An issue was discovered on Accellion FTA devices before FTA912180. There is XSS in courier/1000@/index.html with the authparams parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads,...