319 matches found
CVE-2019-18955
The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019...
CVE-2019-18955
Affected product: Lansweeper Web Console (version 7.2.105.2). Vulnerability: Cross-Site Scripting (XSS) via the URL path, stemming from improper handling of client-side data in the web console. Impact as described in sources is limited to client-side script execution; no server-side compromise de...
httpd: URL normalization inconsistency
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the server's processing wi...
Directory Traversal
flow-server is vulnerable to directory traversal. The attack is possible due to a lack of proper validation of the URL path in StaticFileServer, allowing an attacker to inject ../ characters into parameters to access resources outside of the web root...
Cross-site Scripting (XSS)
iobroker.web is vulnerable to cross-site scripting (XSS). The attack is possible because it does not sanitize the characters in the URL path, allowing an attacker to inject arbitrary script through it...
CVE-2019-10771
Characters in the GET url path are not properly escaped and can be reflected in the server response...
Design/Logic Flaw
Characters in the GET url path are not properly escaped and can be reflected in the server response...
python: CRLF injection via the path part of the url passed to urlopen()
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...
CVE-2019-18209
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...
URL path traversal allows information disclosure - CVE-2019-15004
Severity: Atlassian rates the severity level of this vulnerability as critical, according to the scale published in our Atlassian severity levels. The scale allows us to rank the severity as critical, high, moderate or low. This is...
Directory Traversal
larvitrouter is vulnerable to directory traversal. Lack of validation of the URL path of requests in the resolve function allows a remote attacker to access files outside of the route root using the ../ characters...
FreeBSD : python 3.6 -- multiple vulnerabilities (18ed9650-a1d6-11e9-9b17-fcaa147e860e)
Python changelog : bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and localfile:// URL schemes in URLopener.open and URLopener.retrieve of urllib.request. bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit. bpo-30458: Address CVE-2019-9740 by...
The vulnerability of the HttpFoundation component in the Symfony framework, related to errors in handling HTTP headers, allows attackers to compromise the integrity of protected data.
The vulnerability of the HttpFoundation component in the Symfony framework is related to the support for the IIS header, which allows users to override the URL path through the X-Original-URL or X-Rewrite-URL headers. Exploiting this vulnerability enables an attacker to compromise the integrity o...
Cross site scripting
Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names...