quarkus: HTTP security policy bypass

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized...

Solarwinds Serv-U Web Client 输入验证错误漏洞

The Solarwinds Serv-U Web Client is an HTTP-based file transfer client from SolarWinds USA that is available to all users on licensed Serv-U file servers. An input validation error vulnerability exists in the Solarwinds Serv-U Web Client that stems from the Serv-U web login interface allowing...

CVE-2021-37124

There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to certain...

CVE-2019-6739

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handle...

httpd: mod_rewrite allows terminal escape sequences to be written to the log file

modrewrite.c in the modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator...