17 matches found
EUVD-2016-2896
Malware in sbrugna...
EUVD-2019-7588
Malware in sbrugna...
PT-2025-41188
Name of the Vulnerable Software and Affected Versions: Anki versions prior to 25.02.5. Description: A specially crafted shared deck on Windows can lead to the execution of arbitrary commands when playing audio due to improper handling of URL schemes. Recommendations: Update to version 25.02.5 or late...
CVE-2020-25788
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...
WebArena Injection Vulnerability
WebArena is an open-source code repository from web-arena-x for building real web environments with autonomous agents. An injection vulnerability exists in WebArena version 0.2.0 and earlier, which stems from code injection due to incorrect manipulation of the parameter targeturl in the file...
SUSE CVE-2012-0036
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol...
Information Disclosure
tapestry-core is vulnerable to information disclosure. Mishandling of URL allows an attacker to use malicious URL to list and download the JAVA webapp files from WEB-INF of the WAR being run. This CVE exists due to an incomplete fix for CVE-2020-13953...
Information Disclosure
tapestry-core is vulnerable to information disclosure. Mishandling of URL allows an attacker to use malicious URL to list and download the JAVA webapp files from WEB-INF of the WAR being run...
URL Mishandling
Mailman is vulnerable to URL mishandling. The Utils.py:GetPathPieces allows attackers to display arbitrary text on trusted sites since it does not correctly handle the URL...
Moderate: Red Hat Security Advisory: mailman security and bug fix update
An update for mailman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2020-6948
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password...
CVE-2020-6948
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password...
Remote code execution
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password...
vBulletin < 5.5.5 URL Mishandling Vulnerability
vBulletin mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
CVE-2019-16393
CVE-2019-16393 affects SPIP web CMS: versions 3.1.x before 3.1.11 and 3.2.x before 3.2.5 mishandle redirect URLs in ecrire/inc/headers.php when encountering %0D, %0A, or %20 characters. Root cause is improper handling of redirect URLs, as described in multiple advisories. Practical impact details...
CVE-2018-19141
Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled...
CVE-2016-1801
The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors...