193 matches found
Mozilla Firefox ESR < 102.3
The version of Firefox ESR installed on the remote Windows host is prior to 102.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-41 advisory. - Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team...
Glassdoor: Web Cache Poisoning leads to XSS and DoS
@nokline and @bombon were able to utilize URL parser confusion in combination with reflected XSS under https://glassdoor.com/Job/ and https://glassdoor.com/mz-survey/interview/collectQuestionsinput.htm/ by caching XSS payloads via cookie and header params into a stored XSS for URLs /Award/ and...
parse-url cross-site scripting vulnerability
parse-url is an advanced URL parser with git URL support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0. It stems from a previous fix that can be bypassed, and can be exploited by an attacker to place any malicious JS code on a web page...
parse-url information disclosure vulnerability
parse-url is an advanced url parser with git url support. An information disclosure vulnerability exists in versions of parse-url prior to 7.0.0, which can be exploited by attackers to expose sensitive information to unauthorized participants...
Malicious code in url-parser-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9b288704fb7ef9f7e3c52cb6d93f33ce2a44c0a9c2ba95678720f0156a23ebf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, a URL like http://example.com%2F127.0.0.1/, would be allowed by the parser and get...
ALPINE-CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, a URL like http://example.com%2F127.0.0.1/, would be allowed by the parser and get...
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, a URL like http://example.com%2F127.0.0.1/, would be allowed by the parser and get...
Design/Logic Flaw
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, a URL like http://example.com%2F127.0.0.1/, would be allowed by the parser and get...
CVE-2022-27780
CVE-2022-27780 affects curl: the URL parser can wrongly decode percent-encoded separators in the host portion, causing a URL like http://example.com%2F127.0.0.1/ to be interpreted as http://example.com/127.0.0.1/, potentially bypassing filters. Affected software is curl (core library). The flaw’s...
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, a URL like http://example.com%2F127.0.0.1/, would be allowed by the parser and get...
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, a URL like http://example.com%2F127.0.0.1/, would be allowed by the parser and get...
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, a URL like http://example.com%2F127.0.0.1/, would be allowed by the parser and get...
Cross-site Scripting (XSS)
curl is vulnerable to cross-site scripting. The vulnerability exists because the curl URL parser wrongly accepts percent-encoded URL separators like / when decoding the host name part of a URL, which allows an attacker to inject and execute arbitrary JavaScript...
FreeBSD : curl -- Multiple vulnerabilities (11e36890-d28c-11ec-a06f-d4c9ef517024)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 11e36890-d28c-11ec-a06f-d4c9ef517024 advisory. - Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an...
CURL-CVE-2022-27780 percent-encoded path separator in URL host
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the hostname part of a URL, making it a different URL using the wrong hostname when it is later retrieved. For example, a URL like http://example.com%2F10.0.0.1/, would be allowed by the parser and get...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : curl vulnerabilities (USN-5412-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5412-1 advisory. Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this iss...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2022-131-01)
The version of curl installed on the remote host is prior to 7.83.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-131-01 advisory. - libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have...
curl code issue vulnerability
curl is a tool used to transfer data from or to a server. A code issue vulnerability exists in curl, which arises from the URL parser incorrectly accepting percent-encoded URL separators when decoding the hostname portion of a URL...
CVE-2022-27780
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, a URL like http://example.com%2F127.0.0.1/, would be allowed by the parser and get...