1248 matches found
WordPress plugin Accept Donations with PayPal Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
CVE-2021-21682
Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows...
WordPress Accept Donations with PayPal plugin <= 1.3 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Post Deletion
Cross-Site Request Forgery (CSRF) leading to Arbitrary Post Deletion discovered by dc11 in WordPress Accept Donations with PayPal plugin versions <= 1.3. Solution: Update the WordPress Accept Donations with PayPal plugin to the latest available version (at least 1.3.1)...
jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0, when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality...
Charity Management System CMS 1.0 - Multiple Vulnerabilities
Exploit Title: Charity Management System CMS 1.0 - Multiple Vulnerabilities Date: 18/08/2021 Exploit Author: Davide 't0rt3ll1n0' Taraschi Vendor Homepage: https://www.sourcecodester.com/users/tips23 Software Link:...
OPENSUSE-SU-2021:1125-1 Security update for aria2
This update for aria2 fixes the following issues: Update to version 1.35.0: Drop SSLv3.0 and TLSv1.0 and add TLSv1.3 TLSv1.3 support is added for GNUTLS and OpenSSL. Platform: Fix compilation without deprecated OpenSSL APIs Remove linux getrandom and use C++ stdlib instead Don't send Accept...
PT-2021-9421 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress plugin versions prior to 3.2.6.9 for WordPress Description: The issue allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter. Recommendations: For versions prio...
Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)
Exploit Title: Linux/x86 - Bind User Specified Port Shell /bin/sh Shellcode 102 bytes Exploit Author: d7x Tested on: Ubuntu x86 / Linux/x86 Bind Shell /bin/sh with dynamic port binding Null-Free Shellcode 102 bytes Usage: gcc -z execstack -o bindshell bindshell.c ./bindshell 7000 Binding to 7000...
DEBIAN-CVE-2021-22902
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...
UBUNTU-CVE-2021-22902
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...
CVE-2021-22902
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...
Ruby Resource Management Error Vulnerability
Ruby is a cross-platform, object-oriented, dynamically-typed programming language from the individual developer, Yukihiro Matsumoto. A resource management error vulnerability exists in Ruby. The vulnerability is caused due to a "post-sale use" error in "operation scheduling", which allows remote...
OESA-2021-1166 jetty security update
%global desc \ Jetty is a 100% Java HTTP Server and Servlet Container. This means that you\ do not need to configure and run a separate web server like Apache in order\ to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully\ featured web server for static and dynamic content...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the Mime type parser of Action Dispatch due to the vulnerable regular expression MIMEREGEXP. Carefully crafted Accept headers can lead to catastrophic backtracking in the mime type parser...
GHSA-G8WW-46X2-2P65 Denial of Service in Action Dispatch
Impact ------ There is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. Releases -------- The fixed releases are available at the norm...
Possible Denial of Service vulnerability in Action Dispatch
There is a possible Denial of Service vulnerability in the Mime type parser of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2021-22902. Versions Affected: = 6.0.0 Not affected: \sMIMEPARAMETER\s\z/ end end...