14 matches found
BIT-ELASTICSEARCH-2023-31419 Elasticsearch StackOverflow vulnerability
A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service...
CVE-2023-31419
A flaw was found in Elasticsearch. This issue affects the search API that allowed a specially crafted query string to cause a stack overflow and, ultimately, a denial of service...
CVE-2023-31419
A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service...
CVE-2023-31419
A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service...
Stack overflow
A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service...
CVE-2023-31419
A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service...
CVE-2023-31419
CVE-2023-31419 affects Elasticsearch via the _search API, where a crafted query string can trigger a stack-based buffer overflow, leading to denial of service. Publicly referenced materials confirm the flaw and its DoS impact, with CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Exploitatio...
poderato.com XSS vulnerability
Vulnerable URL: http://www.poderato.com/search?query=%3C%2Fscript%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSSPOSED%2F%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1311714 VI...
Remote Code Execution (RCE)
Elasticsearch is vulnerable to arbitrary code execution. This is because dynamic scripting is enabled by default, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search...
CVE-2014-3120
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search. NOTE: this only violates the vendor’s intended security policy if the user does not run...
Fedora Core 4 : firefox-1.0.6-1.1.fc4 (2005-605)
Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox handled synthetic events. It is possible that Web content could generate events such as keystrokes or mouse clicks that could be used to steal data or execute malicious JavaScript code. The Common Vulnerabilities an...
CVE-2005-2264
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the search target, then injecting script into other pages via a data: URL...
CVE-2005-2264
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the search target, then injecting script into other pages via a data: URL...
CVE-2005-1158
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the search target of the Firefox sidebar...