CVE-2022-22728

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack...

SUSE SLED15 / SLES15 Security Update : perl-HTTP-Daemon (SUSE-SU-2022:2874-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2874-1 advisory. - HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability whi...

SUSE SLES12 Security Update : perl-HTTP-Daemon (SUSE-SU-2022:2872-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2872-1 advisory. - HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially ...

CVE-2022-35278

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue...

CVE-2022-35278

CVE-2022-35278 affects Apache ActiveMQ Artemis before 2.24.0, where HTML in the name of an address/queue can inject HTML into the web console, potentially showing malicious content or redirecting users. Red Hat AMQ Broker advisories confirm a fix in 2.24.0+ (and related advisories list the CVE). ...

Cross-site Scripting (XSS)

trafficserver is vulnerable to cross-site scripting attacks. Vulnerability exists due to improper Input validation in handling the transfer-encoding header of apache traffic server allows an attacker to poison the cache...

Updated apache-mod_wsgi packages fix security vulnerability

It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations CVE-2022-2255...

FreeBSD : Tomcat -- XSS in examples web application (e2e7faf9-1b51-11ed-ae46-002b67dfc673)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e2e7faf9-1b51-11ed-ae46-002b67dfc673 advisory. - In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81...

Apache HTTPD: Multiple Vulnerabilities

Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

Readymade Job Portal Script SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Apache Avro Denial of Service Vulnerability

Apache Avro is a data serialization system from the Apache Foundation, Inc. A denial of service vulnerability exists in versions of Apache Avro Rust prior to 0.14.0, which stems from an integer overflow when reading corrupted .avro files in the Avro Rust SDK, and can be exploited by an attacker t...

GHSA-V456-CHPW-6MMW Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

Apache Avro Rust SDK corrupted data read can cause crash

It is possible to crash panic an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses this issue...

CVE-2022-28129

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

GHSA-6955-67HM-VJJQ Drupal core arbitrary PHP code execution

Drupal core sanitizes filenames with dangerous extensions upon upload and strips leading and trailing dots from filenames to prevent uploading server configuration files. However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site we...

Command Execution Vulnerability in Apache CouchDB

Apache CouchDB is the United States Apache Apache Foundation's use of Erlang development of a document-oriented database system. Apache CouchDB suffers from a command execution vulnerability that can be exploited by an attacker to gain administrator privileges...

Apache JSPWiki CSRF due to crafted invocation on the Image plugin

A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...

Apache JSPWiki XSS due to crafted request in WeblogPlugin

A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later...

Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page...