1248 matches found
LiveZilla Server Cross-Site Scripting Vulnerability (CNVD-2019-21246)
LiveZilla is a free online customer service system, based on PHP architecture, can run on Linux hosts or windows hosts, mainly divided into the client, server and server side LiveZilla Server. LiveZilla Server 8.0.1.1 before the version of mobile/index.php there is a cross-site scripting...
CVE-2019-12962
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header...
CVE-2019-12962
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header...
Design/Logic Flaw
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header...
CVE-2019-12962
LiveZilla Server (8.0.1.0 and earlier) is vulnerable to a reflected XSS in mobile/index.php via the Accept-Language header (CVE-2019-12962). The issue allows injection of JavaScript, potentially exfiltrating session cookies or performing actions on behalf of the victim. Remediation: upgrade to th...
BlogEngine.NET 3.3.63.3.7 - theme Cookie Directory Traversal Remote Code Execution
BlogEngine.NET 3.3.63.3.7 - theme Cookie Directory Traversal Remote Code Execution Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10720 1...
rubygem-actionpack: render file directory traversal in Action View
A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...
rubygem-actionpack: denial of service vulnerability in Action View
There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...
Denial Of Service (DoS)
Apache HTTPD modauthnzldap is vulnerable to denial of serviceDoS attacks if configured with AuthLDAPCharsetConfig. A remote user could send a specially crafted Accept-Language header value to trigger an out-of-bounds memory write error and potentially cause the target service to crash...
rubygem-actionpack: render file directory traversal in Action View
A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...
rubygem-actionpack: denial of service vulnerability in Action View
There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...
rubygem-actionpack: denial of service vulnerability in Action View
There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...
rubygem-actionpack: render file directory traversal in Action View
A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...
Denial Of Service (DoS) Through Double-free
Linux kernel is vulnerable to denial of service DoS through double-free vulnerability. This vulnerability exists in the inetcskclonelock function in net/ipv4/inetconnectionsock.c in the Linux kernel. Attackers could cause a denial of service or possibly have unspecified other impact by leveraging...
rubygem-actionpack: denial of service vulnerability in Action View
There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...
rubygem-actionpack: render file directory traversal in Action View
A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...
CVE-2019-5419
There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...
DEBIAN-CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...
CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...
CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...