EUVD-2023-31723

Malicious code in bioql PyPI...

EUVD-2022-43746

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-40468

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier us...

CVE-2023-27998

A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...

USN-7140-1 tinyproxy vulnerability

It was discovered that Tinyproxy did not properly manage memory under certain circumstances. An attacker could possibly use this issue to leak left-over heap data if custom error page templates containing special non-standard variables are used...

CVE-2023-27998

A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...

CVE-2023-27998

A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...

Code injection

A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...

PT-2023-21471 · Fortinet · Fortipresence

Name of the Vulnerable Software and Affected Versions: FortiPresence versions 1.0 through 1.2.1 Description: A lack of custom error pages may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...

DEBIAN-CVE-2022-40468

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function...

UBUNTU-CVE-2022-40468

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function...

tomcat: Security constrained bypass in error page mechanism

A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page...

How to Display Custom Error Pages by Using NetScaler Responder Policies

This article contains information about configuring Responder policies that redirect user requests to custom error pages during a maintenance period of a back end web server farm. Background You can create custom error page and redirect the user requests to it. For example, you might want to host...

ashleyDoS.txt

Update: 10:38 PM 3/27/2005 Subject: " Ashley's Server DoS Exploit " Vulnerable version: Ashley's 1.0 Description: Ashley's Web Server its currently supports perl cgi. Also supported are directory listings,custom front pages, custom error pages.It also supports flash, pdf,realmedia, mp3s, avi's,...

Microsoft IIS Cookie information disclosure

The remote host is running Microsoft IIS with what appears to be a a vulnerable disclosure of cookie usage. That is, when sent a Cookie with the '=' character, Microsoft IIS will either respond with an error if actually processing the cookie via a specific asp page or disclose information of the...

Microsoft Internet Explorer 5 - Custom HTTP Error HTML Injection

source: https://www.securityfocus.com/bid/7939/info An issue has been reported for Microsoft Internet Explorer that may result in HTML injection attacks. The vulnerability exists when IE is used to display custom HTTP error messages also known as "Friendly HTTP error messages". Due to some errors...