
4048 matches found

CNNVD
added 2021/06/09 12:0 a.m. | 8 views

fastapi-utils cross-site request forgery vulnerability

fastapi-utils is a software application, a reusable tool for FastAPI. A cross-site request forgery vulnerability exists in fastapi-utils, which stems from the use of cookies for authentication in path operations that receive JSON payloads from browsers in FastAPI version 0.65.2 and below, making ...

8.2 CVSS | 7.4 AI score | 0.00804 EPSS
Exploits: 0 | References: 5
IBM Security Bulletins
added 2021/04/28 6:35 p.m. | 63 views

Security Bulletin: Security vulnerability in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology

Summary The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contains a security vulnerability that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management CLM, Rational DOORS Next...

6.1 CVSS | 0.4 AI score | 0.45571 EPSS
Exploits: 3 | Affected Software: 6
IBM Security Bulletins
added 2021/04/28 6:35 p.m. | 18 views

Security Bulletin: Vulnerability in Rational Team Concert with potential for Cross-Site Scripting attack (CVE-2016-0331)

Summary IBM Team Concert RTC is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details CVEID: CVE-2016-0331 DESCRIPTION: IBM Team Concert RTC is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A...

5.4 CVSS | 0.4 AI score | 0.00802 EPSS
Exploits: 0 | Affected Software: 2
Debian
added 2021/04/27 7:40 p.m. | 46 views

[SECURITY] [DSA 4905-1] shibboleth-sp security update

Debian Security Advisory DSA-4905-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 27, 2021 https://www.debian.org/security/faq -...

7.5 CVSS | 7.5 AI score | 0.02 EPSS
Exploits: 1
FreeBSD
added 2021/04/23 12:0 a.m. | 14 views

shibboleth-sp -- denial of service vulnerability

Shibboleth project reports: Session recovery feature contains a null pointer dereference. The cookie-based session recovery feature added in V3.0 contains a flaw that is exploitable on systems not using the feature if a specially crafted cookie is supplied. This manifests as a crash in the shibd...

3.4 AI score
Exploits: 0 | References: 1
OSV
added 2021/02/17 2:15 p.m. | 2 views

CVE-2020-7848

The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value...

8 CVSS | 7.4 AI score | 0.01109 EPSS
Exploits: 0 | References: 1
NVD
added 2021/01/07 1:15 p.m. | 8 views

CVE-2020-26768

Formstone =1.4.16 is vulnerable to a Reflected Cross-Site Scripting XSS vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in...

6.1 CVSS | 6.1 AI score | 0.01224 EPSS
Exploits: 0 | References: 1
NVD
added 2021/01/07 1:15 p.m. | 31 views

CVE-2020-24902

Quixplorer =2.4.1 is vulnerable to reflected cross-site scripting XSS caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web...

6.1 CVSS | 5.4 AI score | 0.02852 EPSS
Exploits: 1 | References: 1
Prion
added 2021/01/07 1:15 p.m. | 10 views

Cross site scripting

Formstone =1.4.16 is vulnerable to a Reflected Cross-Site Scripting XSS vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in...

4.3 CVSS | 6.1 AI score | 0.01224 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2020/12/18 10:15 p.m. | 21 views

Cross site scripting

HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting XSS vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security...

4.3 CVSS | 6.1 AI score | 0.00844 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/12/18 10:8 p.m. | 22 views

CVE-2020-14271

HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting XSS vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the...

6.1 AI score | 0.01096 EPSS
Exploits: 0 | References: 1
IBM Security Bulletins
added 2020/12/14 6:31 p.m. | 29 views

Security Bulletin: A security vulnerability in angular.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.

Summary A security vulnerability in angular.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service. Vulnerability Details CVEID: CVE-2020-7676 DESCRIPTION: angular.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

5.4 CVSS | 0.8 AI score | 0.02142 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/11/27 9:1 p.m. | 41 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification

Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 6 and IBM® Runtime Environment Java Version 7 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in Jul 2019. Vulnerability Details CVEID: CVE-2019-10241...

6.1 CVSS | 0.9 AI score | 0.09591 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/11/26 9:49 p.m. | 35 views

Security Bulletin: A security vulnerability in GO affects IBM Cloud Automation Manager.

Summary A security vulnerability in GO affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2020-24553 DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A remote attacker could exploit thi...

6.1 CVSS | 1.1 AI score | 0.03646 EPSS
Exploits: 2 | Affected Software: 1
0day.today
added 2020/09/22 12:0 a.m. | 93 views

Artica Proxy 4.30.000000 Authentication Bypass / Command Injection Exploit

This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy. Combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in a virtual appliance and...

9 CVSS | 9.7 AI score | 0.93967 EPSS
Exploits: 8
IBM Security Bulletins
added 2020/09/15 11:48 a.m. | 25 views

Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights (CVE-2020-1941)

Summary Apache ActiveMQ is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-1941 DESCRIPTION: Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper...

6.1 CVSS | 1.4 AI score | 0.06208 EPSS
Exploits: 0 | Affected Software: 1
NVD
added 2020/09/01 5:15 p.m. | 19 views

CVE-2012-3341

IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of...

6.4 CVSS | 5.8 AI score | 0.00735 EPSS
Exploits: 0 | References: 2
Prion
added 2020/09/01 5:15 p.m. | 15 views

Cross site scripting

IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of...

3.5 CVSS | 6.8 AI score | 0.00735 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
IBM Security Bulletins
added 2020/08/11 7:18 p.m. | 50 views

Security Bulletin: A vulnerability in jQuery affects IBM WIoTP MessageGateway (CVE-2020-7656)

Summary There is a vulnerability in jQuery that affects IBM WIoTP MessageGateway. Vulnerability Details CVEID: CVE-2020-7656 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the load method. A remote attacker could exploit this...

6.1 CVSS | 1.1 AI score | 0.06273 EPSS
Exploits: 4 | Affected Software: 1
Cvelist
added 2020/07/01 1:45 p.m. | 24 views

CVE-2017-1659

"HCL iNotes is susceptible to a Cross-Site Scripting XSS Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."...

6 AI score | 0.00666 EPSS
Exploits: 0 | References: 1