450 matches found

Positive Technologies
added 2023/04/03 12:00 a.m. · 5 views

PT-2023-13664 · Unknown · Bluepage Cms

Name of the Vulnerable Software and Affected Versions: BluePage CMS versions 3.9 and earlier Description: The issue allows MySQL Injection in the User-Agent field using a Time-based blind SLEEP payload due to insufficient sanitization of HTTP Headers. Recommendations: For BluePage CMS versions 3....

CVSS 9.8 · AI score 9.3 · EPSS 0.01081
Exploits: 2 · References: 6
CNNVD
added 2023/03/21 12:00 a.m. · 3 views

PrestaShop SQL injection vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop eotags versions prior to 1.3.0, which stems from a vulnerabili...

CVSS 9.8 · AI score 8.6 · EPSS 0.00872
Exploits: 1 · References: 3
SUSE CVE
added 2023/02/15 6:09 a.m. · 2 views

SUSE CVE-2008-1168

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown;...

CVSS 4.3 · AI score 5.9 · EPSS 0.01553
Exploits: 0 · References: 4
Packet Storm
added 2023/01/12 12:00 a.m. · 277 views

ChiKoi 1.0 SQL Injection

Title: ChiKoi-1.0 SQLi Author: nu11secur1ty Date: 01.12.2023 Vendor: https://chikoiquan.tanhongit.com/ Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/tanhongit/2023/ChiKoi Description: The...

AI score 0.2
Exploits: 0
OSV
added 2023/01/06 8:24 p.m. · 2 views

GHSA-54W6-VXFH-FW7F Http4s improperly parses User-Agent and Server headers

Impact The User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applies to services that explicitly request these typed headers. v0.21.x scala val unsafe: OptionUser-Agent = req.headers.getUser-Agent...

CVSS 7.5 · AI score 5.9 · EPSS 0.00845
Exploits: 1 · References: 3
Positive Technologies
added 2023/01/04 12:00 a.m. · 8 views

PT-2023-18517 · Http4S · Http4S

Name of the Vulnerable Software and Affected Versions: Http4s versions 0.1.0 through 0.21.33 Http4s versions 0.22.0 through 0.22.14 Http4s versions 0.23.0 through 0.23.16 Http4s versions 1.0.0-M0 through 1.0.0-M37 Description: The User-Agent and Server header parsers in Http4s are susceptible to ...

CVSS 7.5 · AI score 5.2 · EPSS 0.00845
Exploits: 1 · References: 7
Packet Storm
added 2022/12/02 12:00 a.m. · 281 views

Backdoor.Win32.Delf.gj MVID-2022-0663 Information Disclosure

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/8872c2ec49ff3382240762a029631684.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Backdoor.Win32.Delf.gj Vulnerability: Information...

AI score 7.4
Exploits: 0
Prion
added 2022/09/29 3:15 a.m. · 21 views

Design/Logic Flaw

An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote...

CVSS 4.9 · AI score 5.5 · EPSS 0.00637
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2022/06/01 10:20 p.m. · 31 views

CVE-2022-29169 ReDoS on endpoint html5client/useragent in BigBlueButton

BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using a specific regular expression, an attacker can cause denial of service for the bbb-html5...

CVSS 7.5 · AI score 7.4 · EPSS 0.01449
Exploits: 0 · References: 5
OSV
added 2022/05/24 7:19 p.m. · 1 view

GHSA-3HW2-H67C-WQ66 Uncontrolled Recursion in Akka HTTP

Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

CVSS 7.5 · AI score 7.1 · EPSS 0.36139
Exploits: 5 · References: 8
OSV
added 2022/05/17 3:57 a.m. · 3 views

GHSA-83M2-9G78-RRJ4 Apache Ranger Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

CVSS 6.1 · AI score 5.8 · EPSS 0.04853
Exploits: 1 · References: 6
OSV
added 2022/03/03 2:15 a.m. · 5 views

CVE-2022-24573

A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field...

CVSS 6.1 · AI score 6.3 · EPSS 0.00594
Exploits: 0 · References: 2
OSV
added 2022/02/09 11:15 p.m. · 13 views

CVE-2022-23049

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session...

CVSS 5.4 · AI score 6.7
Exploits: 0 · References: 3
ATTACKERKB
added 2022/02/09 11:15 p.m. · 7 views

CVE-2022-23049

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session...

CVSS 5.4 · AI score 5.9 · EPSS 0.02987
Exploits: 1 · References: 4
Prion
added 2022/02/09 11:15 p.m. · 16 views

Session fixation

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session...

CVSS 3.5 · AI score 5.5 · EPSS 0.02987
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2022/02/09 10:03 p.m. · 16 views

CVE-2022-23049

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session...

AI score 5.7 · EPSS 0.02987
Exploits: 1 · References: 3
CNNVD
added 2022/02/09 12:00 a.m. · 6 views

OIC Exponent CMS cross-site scripting vulnerability

OIC Exponent CMS is a free, open source PHP-based modular content management system (CMS) from OIC, Inc. The system supports editing directly in the page and provides user management, site configuration, content editing and other functions. OIC Exponent CMS has a cross-site scripting vulnerability,...

CVSS 5.4 · AI score 5.5 · EPSS 0.02987
Exploits: 1 · References: 4
RedHat Linux
added 2022/01/21 7:04 p.m. · 74 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.2.6)

An update is now available for OpenShift Logging 5.2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...

CVSS 8.5 · AI score 7.8 · EPSS 0.97906
Exploits: 10 · References: 4
RedHat Linux
added 2022/01/20 9:40 p.m. · 124 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.3.3)

An update is now available for OpenShift Logging 5.3.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...

CVSS 8.5 · AI score 7.8 · EPSS 0.97906
Exploits: 10 · References: 3
RedHat Linux
added 2022/01/20 9:39 p.m. · 70 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.1.7)

An update is now available for OpenShift Logging 5.1.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...

CVSS 8.5 · AI score 7.8 · EPSS 0.97906
Exploits: 10 · References: 3