17 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in jetty9

In Eclipse Jetty versions 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0alpha0 to 10.0.0.beta2, and 11.0.0alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, then if an attacker can send a request with a body that ...

5.8 CVSS, 6.5 AI score, 0.00599 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/04/01 11:0 p.m., 4 views

CVE-2026-34405

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

6.1 CVSS, 5.9 AI score, 0.00043 EPSS
Exploits 1, References 1
NVD
added 2026/03/31 10:16 p.m., 4 views

CVE-2026-34405

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

6.1 CVSS, 0.00043 EPSS
Exploits 1, References 1
OSV
added 2026/01/27 10:15 a.m., 5 views

AZL-76373 CVE-2026-1467 affecting package libsoup for versions less than 3.4.4-12

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

5.8 CVSS, 5.8 AI score, 0.00074 EPSS
Exploits 1, References 1
UbuntuCve
added 2026/01/27 10:15 a.m., 2 views

CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

5.8 CVSS, 6.1 AI score, 0.00074 EPSS
Exploits 1, References 3
Tenable Nessus
added 2025/11/18 12:0 a.m., 1 view

Mozilla Thunderbird < 52.5.2

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.5.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-30 advisory. - It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g...

9.3 CVSS, 7.8 AI score, 0.01887 EPSS
Exploits 1, References 6
RedhatCVE
added 2025/11/13 7:11 a.m., 2 views

CVE-2025-63419

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files; the feature reflects the filename to an emailbody field with no sanitization, leading to HTML Injection...

6.1 CVSS, 5.9 AI score, 0.00027 EPSS
Exploits 1, References 1
NVD
added 2025/11/12 5:15 p.m., 1 view

CVE-2025-63419

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files; the feature reflects the filename to an emailbody field with no sanitization, leading to HTML Injection...

6.1 CVSS, 0.00027 EPSS
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2012-2569

Malware in sbrugna...

4.3 CVSS, 6.4 AI score, 0.00959 EPSS
Exploits 1, References 5
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2005-4649

Malware in sbrugna...

4.3 CVSS, 6.4 AI score, 0.00409 EPSS
Exploits 1, References 5
RedHat Linux
added 2021/12/14 9:31 p.m., 3 views

jetty: buffer not correctly recycled in Gzip Request inflation

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...

5.8 CVSS, 7.2 AI score, 0.00599 EPSS
Exploits 0, References 5
RedhatCVE
added 2020/11/30 7:29 p.m., 38 views

CVE-2020-27218

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...

5.8 CVSS, 2.1 AI score, 0.00599 EPSS
Exploits 0, References 4
Gitee
added 2020/10/22 4:40 p.m., 6 views

Exploit for Argument Injection in Php

This repository is an exploit module for CVE-2018-19518, a vulnerability in the PHPMailer library. The exploit is written in Python and targets the PHPMailer library's use of the "mail" function to send emails. The vulnerability allows an attacker to inject malicious code into the email body, whi...

8.5 CVSS, 7.8 AI score, 0.93869 EPSS
Exploits 6
BDU FSTEC
added 2017/10/05 12:0 a.m., 2 views

The vulnerability in the virtual infrastructure management tools VMware vCenter Server and the VMware ESXi hypervisor arises from a failure to neutralize CRLF character sequences. This allows attackers to control the headers and bodies of HTTP responses, as well as to carry out cross-site scripting attacks and attacks on intermediate proxy servers.

The vulnerability in the VMware vCenter Server and VMware ESXi hypervisor management infrastructure relates to the lack of measures to neutralize CRLF sequences. User-provided data is appended to HTTP responses without proper processing, allowing arbitrary headers to be inserted into HTTP...

5.5 CVSS, 6.5 AI score, 0.00332 EPSS
Exploits 1, References 6, Affected Software 2
OSV
added 2017/07/25 5:29 p.m., 1 view

CVE-2017-11617

Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes...

6.1 CVSS, 5.9 AI score
Exploits 0, References 2
Hacker One
added 2015/06/28 1:19 p.m., 31 views

Shopify: Body injection in mailto link while commenting shop blog

While commenting shop blog an attacker can inject a body attribute in email so it will be interpreted by shop administrator email-client. Attacker can make the request below to send the malicious comment: http POST /blogs/news/18286141-first-post/comments HTTP/1.1 Host: test-4579.myshopify.com...

0.2 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

surgemail 6.0a4 - Stored XSS

No description provided by source. !/usr/bin/python ''' Author: loneferret of Offensive Security Product: SurgeMail Version: 6.0a4 Vendor Site: http://www.netwinsite.com Software Download: http://netwinsite.com/download.htm Timeline: 29 May 2012: Vulnerability reported to CERT 30 May 2012: Respon...

7.1 AI score
Exploits 0