1332 matches found
CVE-2022-39284 Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued in Codeigniter4
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7, setting $secure or $httponly to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result, cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...
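The practical check for the CodeIgniter issue above is to look at what the application actually emits, not at its configuration. The following is an added example (not CodeIgniter's own code) that parses Set-Cookie header values and reports every cookie that lacks the Secure or HttpOnly attribute; the sample headers are constructed, not captured from a real deployment.

```python
"""Added example: audit Set-Cookie headers for missing Secure/HttpOnly flags.
Not part of CodeIgniter; the header samples below are constructed."""

# Attributes every session-style cookie is expected to carry (case-insensitive per RFC 6265).
REQUIRED_FLAGS = ("secure", "httponly")


def parse_set_cookie(header: str) -> dict:
    """Parse one Set-Cookie value into its name, value and attribute map.
    Valued attributes (Path=/) keep their value; bare flags map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, sep, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return {"name": name.strip(), "value": value, "attrs": attrs}


def missing_flags(header: str) -> list:
    """Return the required flags absent from a single Set-Cookie header."""
    attrs = parse_set_cookie(header)["attrs"]
    return [flag for flag in REQUIRED_FLAGS if flag not in attrs]


def audit_headers(headers) -> dict:
    """Map cookie name -> list of missing flags, for cookies that fail the check."""
    findings = {}
    for header in headers:
        missing = missing_flags(header)
        if missing:
            findings[parse_set_cookie(header)["name"]] = missing
    return findings


# Constructed sample: one correct cookie, one with both flags dropped, one missing HttpOnly.
SAMPLE_HEADERS = [
    "ci_session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "csrf_cookie_name=deadbeef; Path=/; SameSite=Lax",
    "remember=xyz; Path=/; Secure",
]

if __name__ == "__main__":
    for name, missing in audit_headers(SAMPLE_HEADERS).items():
        print(f"{name}: missing {', '.join(missing)}")
```

Point it at the headers of a real response (for example the `Set-Cookie` lines from `curl -i`) after upgrading to 4.2.7 to confirm the configured flags are now reaching the client.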
dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.
.NET Core and Visual Studio Denial of Service Vulnerability...
Jenkins plugins Multiple Vulnerabilities (2022-06-22)
According to their self-reported version numbers, the Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Multiple cross-site scripting (XSS) vulnerabilities in Jenkins 2.355 and earlier, LTS 2.332.3 and earlier allow attackers to inject HTML and...
Apache Tapestry Security Vulnerability
Apache Tapestry is a Java web application framework from the Apache Software Foundation. A denial-of-service vulnerability exists in Apache Tapestry versions prior to 5.8.1, stemming from an improper regular expression used when handling content types...
A vulnerability in the outputFunctionName function of the Node.js web application framework allows an attacker to execute arbitrary commands.
The vulnerability in the outputFunctionName function of the Node.js web application framework is an improper neutralization of special elements in output used by a downstream component. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
ZEIT Next.js NextAuth.js Cross-Site Scripting Vulnerability
ZEIT Next.js is an open-source web application framework from ZEIT built on React, Node.js, Webpack and Babel.js. NextAuth.js is an authentication library for Next.js. ZEIT Next.js NextAuth.js suffers from a cross-site scripting vulnerability. The vulnerability stems from the program's lack of data...
Jfinal CMS SQL Injection Vulnerability (CNVD-2022-58382)
Jfinal CMS is an information-consulting website system developed in Java, using the simple and powerful JFinal as its web framework, Beetl as the template engine, MySQL as the database and Bootstrap for the front end. Jfinal CMS version v5.1.0 has a SQL injection vulnerability that originates from...
Unauthorized view fragment access in Jenkins
Jenkins uses the Stapler web framework to render its UI views. These views are frequently composed of several view fragments, enabling plugins to extend existing views with more content. Before SECURITY-534 was fixed in Jenkins 2.186 and LTS 2.176.2, attackers could in some cases directly access ...
Elefant CMS Code Issue Vulnerability
Elefant CMS is a simple PHP content management system and web framework by John de Plume, an individual Canadian developer. A security vulnerability exists in Elefant CMS version 1.3.12-RC, stemming from an unknown function of the file upload component at file/filemanager/upload/drop. A remote...
Jenkins 2.335 < 2.356 Information Disclosure Vulnerability (SECURITY-2777) - Linux
Jenkins is prone to an information disclosure vulnerability. Copyright (C) 2022 Greenbone Networks GmbH...
Elefant CMS Cross-Site Request Forgery Vulnerability (CNVD-2022-58960)
Elefant CMS is a PHP content management system and web framework. A cross-site request forgery vulnerability exists in Elefant CMS version 1.3.12-RC, which an attacker can exploit to forge requests on behalf of an authenticated user...
Stack overflow
Vapor is a server-side Swift HTTP web framework. When using automatic content decoding, an attacker can craft a request body that can make the server crash with the following request: curl -d "array00array00array$(for f in $(seq 1100); do echo -n '00array'; done)string0=hello%20world"...
[SECURITY] [DLA 3048-1] python-bottle security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-3048-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta June 09, 2022 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...
Identifier withdrawn
Laravel is a PHP web development framework. A command execution vulnerability exists in Laravel that an attacker can exploit to achieve remote code execution (RCE)...
CVE-2022-31019
Vapor (Swift) contains a DoS in URLEncodedFormDecoder used during automatic content decoding. The vulnerability arises from unbounded attacker-controlled stack growth in decoding requests, potentially causing a stack overflow and server crash. It affects Vapor versions prior to 4.61.1. The adviso...
CVE-2022-31018
CVE-2022-31018 affects Play Framework forms library (versions 2.8.3–2.8.15) for Java/Scala. The vulnerability is triggered when binding deeply nested JSON via Form.bindFromRequest or Form.bind on a JSON value, which may exhaust heap memory and crash the app (OutOfMemoryError) if run on the defaul...
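The Vapor entries (CVE-2022-31019, the URL-encoded form decoder) and the Play entry (CVE-2022-31018, deeply nested JSON) are the same bug class: the decoder lets the request body decide how deep the decoded structure becomes, and the process runs out of stack or heap. The following is an added example, not code from Vapor or Play, showing the defensive shape: a decoder for PHP/Rails-style bracketed form keys such as user[addr][city]=Oslo that counts the nesting segments before doing any work, rejects keys deeper than a configured bound, and builds the structure iteratively rather than recursively. The crafted_body helper, the max_depth default of 8 and the sample bodies are all assumptions made for this illustration; list semantics for empty [] segments are intentionally left out.

```python
"""Added example (not Vapor's or Play's code): depth-bounded nested form-key decoding.
Demonstrates the fix shape for the URL-encoded/JSON nesting DoS class."""

from urllib.parse import parse_qsl


class NestingTooDeep(ValueError):
    """Raised before any allocation when a key exceeds the nesting bound."""


def split_key(key: str, max_depth: int) -> list:
    """Split 'a[b][c]' into ['a', 'b', 'c'].
    The segment count is checked up front, so cost stays linear in the key
    length and no nested structure is built for an oversized key."""
    head, bracket, rest = key.partition("[")
    segments = [head]
    if bracket:
        if not rest.endswith("]"):
            raise ValueError(f"malformed key: {key!r}")
        segments += rest[:-1].split("][")
    if len(segments) > max_depth:
        raise NestingTooDeep(f"{len(segments)} levels exceeds bound of {max_depth}")
    return segments


def decode_nested_form(body: str, max_depth: int = 8) -> dict:
    """Decode a urlencoded body into nested dicts without recursion.
    Depth is limited by max_depth (an assumed default), never by the
    interpreter's call stack. Lists are not modelled; every segment is a dict key."""
    root = {}
    for key, value in parse_qsl(body, keep_blank_values=True):
        segments = split_key(key, max_depth)
        node = root
        for seg in segments[:-1]:
            node = node.setdefault(seg, {})
        node[segments[-1]] = value
    return root


def is_rejected(body: str, max_depth: int = 8) -> bool:
    """True if the decoder refuses the body because of nesting depth."""
    try:
        decode_nested_form(body, max_depth)
    except NestingTooDeep:
        return True
    return False


def crafted_body(levels: int) -> str:
    """Constructed attacker-style body: one key with 2*levels bracket segments.
    The exact key shape is an assumption, not the advisory's payload."""
    return "a" + "[0][b]" * levels + "=x"


if __name__ == "__main__":
    print(decode_nested_form("user[name]=alice&user[addr][city]=Oslo"))
    print("1100-level key rejected:", is_rejected(crafted_body(1100)))
```

A recursive decoder without the bound would descend once per bracket pair on the crafted body; here the oversized key is refused at split_key after a single scan, and a legitimately nested body still decodes. The same count-before-descend idea applies to the JSON case: count bracket depth while tokenising and fail once it passes the bound, instead of letting the parser recurse.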
UBUNTU-CVE-2022-31799
Bottle before 0.12.20 mishandles errors during early request binding...
CVE-2022-31005
CVE-2022-31005 affects the Vapor HTTP framework for Swift prior to 4.60.3 when FileMiddleware is enabled. The issue is an integer overflow in the middleware that can crash the application. Version 4.60.3 includes a patch; a workaround is to disable FileMiddleware and serve assets via a CDN. Affec...
Jfinal CMS SQL Injection Vulnerability
Jfinal CMS is an information-consulting website system developed in Java, using the simple and powerful JFinal as its web framework, Beetl as the template engine, MySQL as the database and Bootstrap for the front end. Jfinal CMS version 5.1 has a SQL injection vulnerability; the vulnerability originate...
SQL Injection
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the liertrad and where parameters...