179 matches found
CVE-2022-28664
A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The freshtomato-mips has a vulnerable URL-decoding feature that...
CVE-2022-32265
qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding...
CVE-2022-32265
qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding...
CVE-2022-32265
qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding...
Design/Logic Flaw
qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding...
CVE-2022-32265
qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding...
CVE-2022-32265
CVE-2022-32265 affects the qDecoder library prior to version 12.1.0. The root cause is improper URL decoding where a percent character may not be followed by two hex digits, leading to input validation gaps. Affected component: qDecoder (C/C++ CGI library). Impact is described as input validation...
Puppet Improper Access Control
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...
GHSA-PQJ5-7R86-64FV Puppet Improper Access Control
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...
curl: CVE-2022-27780: percent-encoded path separator in URL host
Summary: URL decoding the entire proxy string could lead to SSRF filter bypasses. For example, When the following curl specifies the proxy string http://example.com%2F127.0.0.1 - If curl URL parser or another RFC3986 compliant parser parses the initial string http://127.0.0.1%2F.example.com, it...
Directory traversal
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9...
CVE-2021-43957
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9...
UBUNTU-CVE-2021-21707
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile, URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the...
CVE-2021-21707 Special characters break path parsing in XML functions
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile, URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the...
rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse
oooooooq reports: The old versions of CGI::Cookie.parse applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. By this fix, CGI::Cookie.parse no longer decodes cookie names...
CentOS 8 : php:7.4 (CESA-2021:4213)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4213 advisory. - php: Use of freed hash key in the pharparsezipfile function CVE-2020-7068 - php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV...
RHEL 8 : php:7.4 (RHSA-2021:4213)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4213 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...
php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being...
OS Command Injection in ohmyzsh/ohmyzsh
Description In Oh My Zsh, there is a function called omzurldecode, which is used to decode URLs. Since this function is using eval with user inputs without any sanitization, it's possible to inject arbitrary commands into the eval context, which allows an attacker to achieve the command injection...
openSUSE: Security Advisory for civetweb (openSUSE-SU-2021:1424-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...