Apache JSPWiki < 2.11.3 Multiple Vulnerabilities
Apache JSPWiki is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
USN-5551-1: mod-wsgi vulnerability
It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations...
Important: Red Hat Security Advisory: php security update
An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
RLSA-2022:5904 Important: php security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
CVE-2022-28731
A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page...
CVE-2022-27166
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim...
CVE-2022-34158
CVE-2022-34158 affects Apache JSPWiki prior to 2.11.3, where a crafted invocation on the Image plugin can trigger a CSRF vulnerability. This could allow group privilege escalation of the attacker's account and, per the description, could also be used to modify the attacked account's email and the...
CVE-2022-28731 Apache JSPWiki CSRF in UserPreferences.jsp
A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page...
CVE-2022-27166
Apache JSPWiki is affected by a cross-site scripting vulnerability triggered by a crafted request to XHRHtml2Markup.jsp, impacting versions up to 2.11.2. The issue enables execution of JavaScript in a victim's browser and potential information disclosure. A fix is available in version 2.11.3 and ...
PT-2022-19199 · Apache · Apache Jspwiki
Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions prior to 2.11.3 Description: A carefully crafted request on "UserPreferences.jsp" could trigger a CSRF issue, allowing an attacker to modify the email associated with the attacked account, and then initiate a reset...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2180)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Loan Management System 1.0 SQL Injection Vulnerability
Exploit Title: Loan Management System - SQL Injection via login page Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL The attack vector for the SQ...
EulerOS 2.0 SP10 : subversion (EulerOS-SA-2022-2172)
According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according t...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to bypass security restrictions and obtain sensitive information due to multiple vulnerabilities.
Summary IBM HTTP Server (powered by Apache) for IBM i is vulnerable to bypass security restrictions due to failure to send headers (CVE-2022-31813), read unintended memory due to large inputs to the ap_rwrite function (CVE-2022-28614), and read buffer beyond bound due to large input to ap_strcmp_match...
Apache Apereo CAS Log4Shell Direct Check (CVE-2021-44228)
Binary data apacheapereocaslog4shell.nbin...
GHSA-XXJ3-55P6-XG3H Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption
A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to u...
Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption
A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to u...
CVE-2022-24294
CVE-2022-24294 affects Apache MXNet (incubating) prior to 1.9.1. The vulnerability is a regular-expression Denial of Service (ReDoS) in the MXNet RTC module (get_kernel path cited in sources) when loading a model with a specially crafted operator name, causing excessive resource consumption durin...
HTTP Request Smuggling
libhttp-daemon-perl is vulnerable to HTTP request smuggling. The vulnerability exists because most Perl-based applications are served on top of Nginx or Apache, not on HTTP::Daemon, which allows an attacker to gain privileged access to APIs or poison intermediate caches...
Drupal 7.x < 7.91 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...