Lucene search
+L

141 matches found

pypa
pypa
added 2023/12/07 5:15 a.m.6 views

PYSEC-2023-260

A reflected Cross-Site Scripting XSS vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

6.5CVSS5.7AI score0.01649EPSS
Exploits1References4Affected Software1
githubexploit
githubexploit
added 2023/11/24 10:30 a.m.115 views

Exploit for Unsafe Reflection in Hsqldb Hypersql_Database

Research into CVE-2022-41853: Using static functions to obtian...

9.8CVSS8.8AI score0.03519EPSS
Exploits1
veracode
veracode
added 2023/08/06 10:4 p.m.24 views

Unsafe Reflection

thunderbird is vulnerable to Unsafe Reflection. This results in possible spoofing attacks since the website obscures fullscreen notifications using a URL scheme handled by an external program...

6.5CVSS6.7AI score0.00739EPSS
Exploits0References9Affected Software3
osv
osv
added 2023/06/06 4:46 p.m.19 views

GHSA-86H2-2G4G-29QX avo possible unsafe reflection / partial DoS vulnerability

Summary The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. Details After reviewing th...

8.3CVSS8.6AI score0.0161EPSS
Exploits1References6
github
github
added 2023/06/06 4:46 p.m.22 views

avo possible unsafe reflection / partial DoS vulnerability

Summary The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. Details After reviewing th...

8.8CVSS7.1AI score0.0161EPSS
Exploits1References6Affected Software1
vulnrichment
vulnrichment
added 2023/06/05 10:16 p.m.14 views

CVE-2023-34102 Possible unsafe reflection / partial denial of service in avo

Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes...

8.3CVSS7.3AI score0.0161EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2023/05/31 12:0 a.m.10 views

CVE-2023-32217 SailPoint IdentityIQ Unsafe use of Reflection Vulnerability

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments...

9CVSS8.1AI score0.00628EPSS
Exploits0References1
susecve
susecve
added 2023/02/15 5:57 a.m.5 views

SUSE CVE-2010-3553

Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Octobe...

10CVSS6.4AI score0.049EPSS
Exploits0References11
susecve
susecve
added 2023/02/15 4:19 a.m.4 views

SUSE CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in...

4.9CVSS8.9AI score0.04767EPSS
Exploits0References8
zdi
zdi
added 2023/01/18 12:0 a.m.55 views

Microsoft Exchange PowerShell Unsafe Reflection NTLM Relay Vulnerability

This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PowerShell endpoint. The process does not properly restrict a user-supplied argument...

8.8CVSS7.5AI score0.01497EPSS
Exploits0References1
nessus
nessus
added 2021/10/05 12:0 a.m.18 views

Rails Unsafe Reflection

Ruby On Rails is a popular framework used to build web applications based on the Model-View-Controller MVC architectural pattern. Ruby On Rails provides a method called constantize which allows developers to dynamically find a constant by using a string. The most common usage of this method is to...

8.1AI score
Exploits0References3
zdt
zdt
added 2021/07/16 12:0 a.m.620 views

VMware vCenter Server Virtual SAN Health Check Remote Code Execution Exploit

This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin's ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Updat...

9.8CVSS0.7AI score0.99999EPSS
Exploits13
githubexploit
githubexploit
added 2021/06/04 1:15 a.m.29 views

Exploit for Unsafe Reflection in Vmware Vcenter_Server

No d...

10CVSS5.4AI score0.99999EPSS
Exploits13
ibm
ibm
added 2021/04/16 3:46 p.m.38 views

Security Bulletin: Multiple vulnerabilities in Bouncy Castle affects Apache Solr shipped with IBM Operations Analytics - Log Analysis

Summary There is various type of vulnerabilities in Bouncy Castle that affect Apache Solr. The list can be found at Vulnerability Details section. Vulnerability Details CVEID: CVE-2018-1000613 DESCRIPTION: Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute...

9.8CVSS0.4AI score0.04767EPSS
Exploits0Affected Software1
altlinux
altlinux
added 2021/04/14 12:0 a.m.23 views

Security fix for the ALT Linux 9 package glpi version 9.5.4-alt1

9.5.4-alt1 built April 14, 2021 Pavel Zilke in task 269862 March 31, 2021 Pavel Zilke - New version 9.5.4 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-21326 : Horizontal Privilege Escalation + CVE-2021-21255 : entities switch IDOR + CVE-2021-21258 : XSS...

5CVSS6AI score0.02252EPSS
Exploits5
packetstorm
packetstorm
added 2021/03/08 12:0 a.m.709 views

GLPI 9.5.3 Unsafe Reflection

Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Date: 2021-02-13 Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on:v9.5.3, 2021-02-13 Technical...

7.1AI score0.02252EPSS
Exploits4
zdt
zdt
added 2021/03/08 12:0 a.m.92 views

GLPI 9.5.3 - (fromtype) Unsafe Reflection Vulnerability

Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on:v9.5.3, 2021-02-13 Technical advisories:...

7.5CVSS0.3AI score0.02252EPSS
Exploits4
exploitdb
exploitdb
added 2021/03/08 12:0 a.m.400 views

GLPI 9.5.3 - 'fromtype' Unsafe Reflection

Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Date: 2021-02-13 Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on:v9.5.3, 2021-02-13 Technical...

7.5CVSS7.6AI score0.02252EPSS
Exploits4
osv
osv
added 2018/10/17 4:23 p.m.12 views

GHSA-4446-656P-F54G Deserialization of Untrusted Data in Bouncy castle

Legion of the Bouncy Castle Java Cryptography APIs starting in version 1.57 and prior to version 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an...

9.8CVSS7.2AI score0.04767EPSS
Exploits0References16
mageia
mageia
added 2018/09/20 11:17 p.m.91 views

Updated bouncycastle packages fix security vulnerabilities

Updated bouncycastle packages fix security vulnerabilities: Ensure full validation of ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of...

9.8CVSS1.1AI score0.24282EPSS
Exploits0References4
Rows per page
Query Builder