187 matches found

SUSE CVE
added 2023/02/15 6:21 a.m. · 4 views

SUSE CVE-2003-1302

The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters...

CVSS 5 · AI score 7 · EPSS 0.01326
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 6:13 a.m. · 5 views

SUSE CVE-2007-0450

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and...

CVSS 5 · AI score 6.9 · EPSS 0.90768
Exploits 2 · References 5
SUSE CVE
added 2023/02/15 6:10 a.m. · 8 views

SUSE CVE-2007-5333

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable...

CVSS 5 · AI score 5 · EPSS 0.62575
Exploits 1 · References 7
SUSE CVE
added 2023/02/15 6:9 a.m. · 4 views

SUSE CVE-2008-1145

Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash)...

CVSS 5 · AI score 7.7 · EPSS 0.18163
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 5:19 a.m. · 3 views

SUSE CVE-2015-3297

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests...

CVSS 7.5 · AI score 7 · EPSS 0.04955
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:29 a.m. · 4 views

SUSE CVE-2018-7212

An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters...

CVSS 5.3 · AI score 7.1 · EPSS 0.01874
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 3:45 a.m. · 2 views

SUSE CVE-2021-23385

This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

CVSS 5.4 · AI score 7 · EPSS 0.00895
Exploits 1 · References 5
Veracode
added 2022/12/22 2:33 a.m. · 29 views

Information Disclosure

github.com/Azure/aad-pod-identity is vulnerable to information disclosure. The vulnerability exists because server.go does not properly handle invalid token requests, allowing an attacker to bypass the NMI validation and send the token to IMDS in the cluster through the token request made with...

CVSS 5.3 · AI score 5.2 · EPSS 0.00709
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/10/07 7:29 a.m. · 3 views

GHSA-CG8C-GC2J-2WF7 Flask-Security vulnerable to Open Redirect

This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

CVSS 6.1 · AI score 6 · EPSS 0.00895
Exploits 1 · References 4
RedHat Linux
added 2022/09/20 12:27 p.m. · 5 views

nodejs-glob-parent: Regular expression denial of service

A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...

CVSS 7.5 · AI score 7.1 · EPSS 0.04456
Exploits 1 · References 5
ATTACKERKB
added 2022/09/11 1:42 p.m. · 2 views

CVE-2022-25295

This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple...

CVSS 5.4 · AI score 6.1 · EPSS 0.00542
Exploits 1 · References 3
Positive Technologies
added 2022/09/11 12:0 a.m. · 5 views

PT-2022-17191 · Gophish

Name of the Vulnerable Software and Affected Versions: gophish versions prior to 0.12.0. Description: The issue exists in the next query parameter, where the application uses url.Parse(r.FormValue("next")) to extract the path and redirect the user to a relative URL. However, if the next parameter star...

CVSS 5.4 · AI score 6.8 · EPSS 0.00542
Exploits 1 · References 11
OSV
added 2022/08/02 2:15 p.m. · 2 views

DEBIAN-CVE-2021-23385

This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

CVSS 6.1 · AI score 6.6 · EPSS 0.00895
Exploits 1 · References 1
OSV
added 2022/08/02 2:15 p.m. · 4 views

UBUNTU-CVE-2021-23385

This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

CVSS 6.1 · AI score 6.5 · EPSS 0.00895
Exploits 1 · References 6
ATTACKERKB
added 2022/08/02 1:22 p.m. · 5 views

CVE-2021-23385

This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

CVSS 6.1 · AI score 5.7 · EPSS 0.00895
Exploits 1 · References 5
Positive Technologies
added 2022/08/02 12:0 a.m. · 4 views

PT-2022-9396 · Werkzeug +4

Name of the Vulnerable Software and Affected Versions: Flask-Security versions all. Description: This issue allows an attacker to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes. The vulnerability is only exploitable if an alternative WSGI server...

CVSS 7.4 · AI score 6.4 · EPSS 0.01079
Exploits 2 · References 38
RedhatCVE
added 2022/06/20 3:59 p.m. · 25 views

CVE-2021-46823

A flaw was found in python-ldap. The vulnerability occurs due to a regular expression and leads to a denial of service attack. This flaw allows an attacker to parse LDAP schema definitions from an untrusted source, leading to a crash or code execution. Mitigation: Check input for an excessive amou...

CVSS 6.5 · AI score 5.4 · EPSS 0.01701
Exploits 0 · References 3
RedHat Linux
added 2022/06/06 9:29 a.m. · 4 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" (aka node-tar). Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...

CVSS 8.6 · AI score 7.4 · EPSS 0.03286
Exploits 0 · References 6
FreeBSD
added 2022/03/23 12:0 a.m. · 49 views

gitea -- Open Redirect on login

Andrew Thornton reports: When a location containing backslashes is presented, the existing protections against open redirect are bypassed, because browsers will convert adjacent forward and backslashes within the location to double forward slashes...

CVSS 7.2 · AI score 3.3 · EPSS 0.53177
Exploits 1 · References 1
Snyk
added 2022/02/17 7:58 a.m. · 1 views

Open Redirect

Amendment: This was deemed not a vulnerability. Overview: Affected versions of this package are vulnerable to Open Redirect. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative...

CVSS 5.4 · AI score 6.7 · EPSS 0.00542
Exploits 1 · References 2