xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...

Apache Traffic Server Environment Issue Vulnerability (CNVD-2021-70101)

An environmental issue vulnerability exists in Apache Traffic Server ATS, a set of scalable HTTP proxy and caching servers from the Apache Foundation, which stems from a failure to properly handle URL data segments. An attacker could exploit this vulnerability to affect the cache of the target...

CVE-2020-6799

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that...

CVE-2020-6799

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that...

CVE-2020-6799

CVE-2020-6799 is a vulnerability in Mozilla Firefox where command line arguments could be injected during Firefox invocation when Firefox is the default handler for non-default filetypes and a downloaded file is opened by a third‑party application that does not sanitize URL data. The issue could ...

CVE-2020-6799

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that...

CVE-2020-6799

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that...

CVE-2018-1470

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. IBM X-Force ID: 140688...

XSS Vulnerability in JIRA Issue Export

A search endpoint is vulnerable to an XSS injection in certain cases. Normally, the browser will urlencode its requests, but some proxy servers and load balancers will decode URL data by default. see http://stackoverflow.com/questions/31266629/nginx-encoding-normalizing-part-of-uri...

Design/Logic Flaw

QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file...

Mozilla URL token stealing flaw

Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original UR...

Mozilla URL token stealing flaw

Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original UR...

CVE-2004-2712

Buffer overflow in Gyach Enhanced Gyach-E before 1.0.0-SneakPeek-3 allows remote attackers to cause a denial of service crash via unspecified vectors related to "URL data."...

Apache Tomcat Manager和Host Manager上传跨站脚本漏洞

Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat包含的管理和主机管理WEB应用程序不正确处理URL数据，远程攻击者可以利用漏洞进行跨站脚本攻击，获得敏感信息。 提交恶意POST请求，由于不充分过滤，可导致提交恶意脚本代码作为参数，当其他用户解析时可泄露敏感信息。 Apache Tomcat 6.0.13 Apache Tomcat 6.0.12 Apache Tomcat 6.0.11 Apache Tomcat 6.0.10 Apache Tomcat 6.0.9 Apache Tomcat 6.0.8 Apache Tomcat...

CVE-2004-2712

Buffer overflow in Gyach Enhanced Gyach-E before 1.0.0-SneakPeek-3 allows remote attackers to cause a denial of service crash via unspecified vectors related to "URL data."...