SIPE s.r.l. WI400 Cross-Site Scripting Vulnerability
SIPE s.r.l. WI400 is a PHP language framework from SIPE s.r.l. A security vulnerability exists in SIPE s.r.l. WI400 versions 8 through 11, which stems from a cross-site scripting (XSS) vulnerability found in the checklogin function. The vulnerability can be exploited by an attacker to inject a...
Debian: Security Advisory (DSA-2079-1)
The remote host is missing an update for the Debian...
[SECURITY] Fedora 36 Update: python-django3-3.2.18-1.fc36
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
SUSE CVE-2017-1000048
A web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, or v6.0.4 is vulnerable to a DoS. A malicious user can send a crafted request that causes the web framework to crash...
SUSE CVE-2018-1999007
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...
SUSE CVE-2019-10354
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...
SUSE CVE-2019-14235
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...
sinatra: Reflected File Download attack
A flaw was found in Sinatra, a domain-specific language for creating web applications in Ruby. An application is vulnerable to a reflected file download (RFD) attack when it sets the Content-Disposition header of a response with a filename derived from user-supplied input...
The Gribbit Web Framework Access Control Error Vulnerability
The Gribbit Web Framework is a new ultra-safe, ultra-simple, ultra-fast framework from individual developer Luke Hutchison. It is used to build complex web applications using Java and other JVM languages. A security vulnerability exists in The Gribbit Web Framework, which originates in the functi...
horus Security Vulnerability
horus is a user registration and login system for the Pyramid Web framework, open-sourced by the Pylons Project. A security vulnerability exists in Pylons horus. An attacker can exploit the vulnerability to cause an observable timing discrepancy...
Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines
Gin is an HTTP web framework written in Go (Golang). Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines...
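The entry above describes the mechanism only in one sentence: a request field containing CR/LF is written into the access log verbatim, so the attacker's bytes end the real log line and start a forged one. The following Go program is an added example written for this page (it is not Gin's code and does not reproduce Gin's logger); the log format, the `sanitizeLogField` helper and the request path are all constructed for illustration. It shows the naive interpolation beside a field sanitizer that escapes control characters as visible `\xNN` sequences, so the attempt stays in the log as evidence without being able to forge a line.

```go
package main

import (
	"fmt"
	"strings"
)

// constructedPath is a made-up request path carrying CRLF. A logger that
// interpolates it verbatim emits a second, forged "[GIN]" line that a log
// parser or an analyst cannot tell apart from a genuine request.
const constructedPath = "/login\r\n[GIN] | 200 | 10.0.0.1 | GET /admin"

// naiveLogLine stands in for a logger that writes the raw request path.
func naiveLogLine(clientIP, method, path string, status int) string {
	return fmt.Sprintf("[GIN] | %d | %s | %s %s", status, clientIP, method, path)
}

// sanitizeLogField escapes control characters so a field can never end its
// own log line. CR, LF, the other C0 controls and DEL become a visible \xNN
// escape; backslashes are doubled so the escapes themselves are unambiguous.
func sanitizeLogField(s string) string {
	var b strings.Builder
	for _, r := range s {
		switch {
		case r == '\\':
			b.WriteString(`\\`)
		case r < 0x20 || r == 0x7f:
			fmt.Fprintf(&b, `\x%02x`, r)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// safeLogLine is the same format with every attacker-influenced field sanitized.
func safeLogLine(clientIP, method, path string, status int) string {
	return fmt.Sprintf("[GIN] | %d | %s | %s %s",
		status, sanitizeLogField(clientIP), sanitizeLogField(method), sanitizeLogField(path))
}

// lineCount returns how many physical lines a record occupies in the log file.
func lineCount(record string) int {
	return len(strings.Split(record, "\n"))
}

func main() {
	fmt.Println("naive:")
	fmt.Println(naiveLogLine("203.0.113.5", "GET", constructedPath, 404)) // two lines
	fmt.Println("sanitized:")
	fmt.Println(safeLogLine("203.0.113.5", "GET", constructedPath, 404)) // one line
}
```

The same treatment belongs on every field the client controls (User-Agent, Referer, query string), not only the path; a detection rule that counts `[GIN]` prefixes per request, or alerts on `\x0d\x0a` in the sanitized output, turns the attempt itself into a signal.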
CVE-2022-23556 CodeIgniter is vulnerable to IP address spoofing when using proxy
CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...
Sinatra Security Vulnerability
Sinatra is a DSL for easily creating web applications in Ruby. A security vulnerability exists in Sinatra version 2.0 up to and including version 2.2.3, and version 3.0 up to and including version 3.0.4, which stems from an application being vulnerable to a Reflected File Download (RFD) attack when...
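Both Sinatra entries above (the Red Hat-style flaw description and the database entry for 2.0 through 2.2.3 and 3.0 through 3.0.4) turn on one detail: a download name taken from the request decides what the browser saves and, through the extension, what it will do with it. The Go program below is an added example for this page, written in Go for consistency with the other examples here rather than in Ruby; it is not Sinatra's code or its fix. `naiveAttachment`, `safeAttachment`, the allow-list pattern and the sample names are constructed. The hardened version keeps the extension under server control and reduces the user-controlled part to a safe character set instead of trying to escape it.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// safeNameRe matches runs of characters outside the allow-list for the
// user-controlled part of a download name: letters, digits, dot, dash and
// underscore. Quotes, CR/LF, semicolons and separators are replaced, not escaped.
var safeNameRe = regexp.MustCompile(`[^A-Za-z0-9._-]+`)

// naiveAttachment mirrors the vulnerable pattern: the user-supplied name lands
// in Content-Disposition untouched, so "report.bat" (or a name carrying CRLF)
// decides what the browser writes to disk and how it is executed.
func naiveAttachment(userName string) string {
	return fmt.Sprintf(`attachment; filename="%s"`, userName)
}

// safeAttachment strips any path component and the user's extension, collapses
// everything outside the allow-list to "_", and appends an extension chosen by
// the server. An empty result falls back to a fixed name.
func safeAttachment(userName, forcedExt string) string {
	base := path.Base(strings.ReplaceAll(userName, `\`, "/"))
	base = strings.TrimSuffix(base, path.Ext(base))
	base = safeNameRe.ReplaceAllString(base, "_")
	base = strings.Trim(base, "._")
	if base == "" {
		base = "download"
	}
	return fmt.Sprintf(`attachment; filename="%s%s"`, base, forcedExt)
}

func main() {
	// Constructed inputs: an executable extension, a CRLF header-splitting
	// attempt, and a traversal-looking name.
	for _, name := range []string{"report.bat", "evil\r\nX-Injected: 1.bat", "../../.bat"} {
		fmt.Printf("naive: %q\n", naiveAttachment(name))
		fmt.Printf("safe:  %q\n", safeAttachment(name, ".json"))
	}
}
```

Filename handling is the fix the advisories describe, but it is one of two levers: RFD also needs attacker-controlled response content (a JSONP callback or an echoed parameter) to be a shell script or batch file, so a JSON endpoint that rejects unknown callback names removes the other half of the attack.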
CVE-2022-41919 Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type
Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type's essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...
CVE-2022-41919
CVE-2022-41919: Fastify (web framework) is vulnerable to CSRF due to a bypass of pre-flight checks when requests use a non-JSON Content-Type (e.g., application/x-www-form-urlencoded, multipart/form-data, text/plain). This can bypass CORS protections and enable unauthorized cross-site action...
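The CVE-2022-41919 entries above hinge on the word "essence": a browser decides whether a cross-site `fetch` needs a CORS preflight by parsing the Content-Type and checking only its type/subtype against the three safelisted values, so a server that gates a JSON-only route on anything looser than the same parsed essence can be reached from any web page without a preflight. The Go program below is an added example for this page; it is not Fastify's parser and does not claim to reproduce Fastify's bug. `essence`, `isSimpleRequestType`, `looseAcceptsJSON`, `strictAcceptsJSON` and the forged header are constructed to show the class of mistake beside the check that closes it.

```go
package main

import (
	"fmt"
	"strings"
)

// corsSafelisted lists the media-type essences a browser sends cross-origin
// with no preflight (a "simple request"). A state-changing route reachable
// with one of these from a cross-site page is a CSRF target.
var corsSafelisted = map[string]bool{
	"application/x-www-form-urlencoded": true,
	"multipart/form-data":               true,
	"text/plain":                        true,
}

// isToken reports whether s consists solely of HTTP token characters (RFC 7230 tchar).
func isToken(s string) bool {
	if s == "" {
		return false
	}
	for _, r := range s {
		switch {
		case r >= 'a' && r <= 'z', r >= 'A' && r <= 'Z', r >= '0' && r <= '9':
		case strings.ContainsRune("!#$%&'*+-.^_`|~", r):
		default:
			return false
		}
	}
	return true
}

// essence returns the lowercased type/subtype with parameters stripped, the
// way the browser's MIME type parser does it: everything before the first ';'
// is the media type, split at '/'. It returns "" for anything malformed, so the
// callers below fail closed.
func essence(contentType string) string {
	mediaType := contentType
	if i := strings.IndexByte(mediaType, ';'); i >= 0 {
		mediaType = mediaType[:i]
	}
	mediaType = strings.ToLower(strings.TrimSpace(mediaType))
	slash := strings.IndexByte(mediaType, '/')
	if slash < 0 {
		return ""
	}
	typ, sub := mediaType[:slash], mediaType[slash+1:]
	if !isToken(typ) || !isToken(sub) {
		return ""
	}
	return typ + "/" + sub
}

// isSimpleRequestType reports whether a browser would send this Content-Type
// cross-site without a preflight.
func isSimpleRequestType(contentType string) bool {
	return corsSafelisted[essence(contentType)]
}

// looseAcceptsJSON is an illustrative anti-pattern (constructed, not Fastify's
// code): substring matching on the raw header value.
func looseAcceptsJSON(contentType string) bool {
	return strings.Contains(strings.ToLower(contentType), "application/json")
}

// strictAcceptsJSON admits a request to a JSON-only route only if the parsed
// essence is exactly application/json, which is never a simple request.
func strictAcceptsJSON(contentType string) bool {
	return essence(contentType) == "application/json"
}

func main() {
	// Constructed header: the browser's essence is text/plain (no preflight),
	// yet the substring check sees "application/json" and admits the request.
	forged := "text/plain; application/json"
	fmt.Printf("simple request: %v, loose accepts: %v, strict accepts: %v\n",
		isSimpleRequestType(forged), looseAcceptsJSON(forged), strictAcceptsJSON(forged))
}
```

The essence check stops this specific bypass, but a Content-Type gate is a side effect of CORS rather than a CSRF defence in its own right: routes that change state still need an anti-CSRF token or an Origin check, because a same-site form can post `application/x-www-form-urlencoded` without any fetch at all.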
CVE-2022-39288
CVE-2022-39288 affects the Fastify web framework for Node.js. The vulnerability arises in older Fastify versions (prior to 4.8.1) where a malicious Content-Type header can trigger a denial of service (application crash). The issue is addressed in commit fbb07e8d and the fix is planned for release...
CVE-2022-39284
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7, setting the $secure or $httponly value to true in Config\Cookie is not reflected in set_cookie() or Response::setCookie(). As a result, cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...
CVE-2022-39284
CodeIgniter 4 prior to v4.2.7 has a cookie handling bug where setting secure or HttpOnly (Config\Cookie) is not reflected in set_cookie() or Response::setCookie(), causing cookie values to be exposed to scripts. The vulnerability is limited to non-session cookies and does not affect sessions. Aff...