28 matches found

Redos
added 2026/05/05 12:0 a.m. · 2 views

ROS-20260505-73-0048

A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...

6 CVSS · 7.3 AI score · 0.00052 EPSS
Exploits 0

Redos
added 2026/05/05 12:0 a.m. · 3 views

ROS-20260505-73-0045

A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...

6 CVSS · 7.3 AI score · 0.00052 EPSS
Exploits 0

OSV
added 2026/01/20 10:15 p.m. · 1 views

DEBIAN-CVE-2025-15282

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

6 CVSS · 5.2 AI score · 0.00052 EPSS
Exploits 0 · References 1

NVD
added 2026/01/20 10:15 p.m. · 3 views

CVE-2025-15282

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

6 CVSS · 0.00052 EPSS
Exploits 0 · References 9

Snyk
added 2026/01/20 9:35 p.m. · 3 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the urllib.request.DataHandler. An attacker can manipulate HTTP headers by injecting newline characters in the mediatype portion of a data URL, to alter request behavior or bypass security controls. Remediation A fix...

6.5 CVSS · 6 AI score · 0.00052 EPSS
Exploits 0 · References 2

Positive Technologies
added 2026/01/16 12:0 a.m. · 1 views

PT-2026-3662

Name of the Vulnerable Software and Affected Versions Versions prior to 2025-15282 Description User-controlled data URLs parsed by urllib.request.DataHandler can allow injection of headers through newlines in the data URL mediatype. The issue involves the parsing of data URLs, potentially leading...

9.1 CVSS · 5.8 AI score · 0.00215 EPSS
Exploits 2 · References 168

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-0718

Malicious code in bioql PyPI...

7.1 CVSS · 6.8 AI score · 0.003 EPSS
Exploits 0 · References 7

RedhatCVE
added 2025/02/05 1:8 p.m. · 6 views

CVE-2024-25121

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer FAL could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and retrieve...

7.1 CVSS · 6.6 AI score · 0.003 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2024/03/17 12:0 a.m. · 43 views

FreeBSD : typo3-{11,12} -- multiple vulnerabilities (1ad3d264-e36b-11ee-9c27-40b034429ecf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ad3d264-e36b-11ee-9c27-40b034429ecf advisory. - In TYPO3 11.5.24, the filelist component allows attackers who have access to the administrat...

7.2 CVSS · 6 AI score · 0.00687 EPSS
Exploits 3 · References 8

Prion
added 2024/02/13 11:15 p.m. · 9 views

Directory traversal

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer FAL could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and retrieve...

5.5 CVSS · 7 AI score · 0.003 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/02/13 10:14 p.m. · 6 views

CVE-2024-25121 Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer FAL could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and retrieve...

7.1 CVSS · 6.8 AI score · 0.003 EPSS
Exploits 0 · References 2

CVE
added 2024/02/13 10:14 p.m. · 62 views

CVE-2024-25121

CVE-2024-25121 is an access control vulnerability in TYPO3’s File Abstraction Layer (FAL). When persisting FAL entities directly via DataHandler, attackers with a valid backend account could reference files in the fallback storage (zero-storage) and retrieve file names and contents. The fallback ...

7.1 CVSS · 6.7 AI score · 0.003 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/02/13 10:14 p.m. · 4 views

CVE-2024-25121 Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer FAL could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and retrieve...

7.1 CVSS · 6.8 AI score · 0.003 EPSS
Exploits 0 · References 4

Cvelist
added 2024/02/13 10:14 p.m. · 13 views

CVE-2024-25121 Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer FAL could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and retrieve...

7.1 CVSS · 7 AI score · 0.003 EPSS
Exploits 0 · References 2

OSV
added 2024/02/13 5:29 p.m. · 24 views

GHSA-RJ3X-WVC6-5J66 TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler

Problem Entities of the File Abstraction Layer FAL could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage "zero-storage" is used as a backward compatibility layer for...

7.1 CVSS · 6.7 AI score · 0.003 EPSS
Exploits 0 · References 7

GitHub Security Blog
added 2024/02/13 5:29 p.m. · 29 views

TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler

Problem Entities of the File Abstraction Layer FAL could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage "zero-storage" is used as a backward compatibility layer for...

7.1 CVSS · 7 AI score · 0.003 EPSS
Exploits 0 · References 7 · Affected Software 1

Positive Technologies
added 2024/02/13 12:0 a.m. · 2 views

PT-2024-20762 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.57 ELTS TYPO3 versions prior to 9.5.46 ELTS TYPO3 versions prior to 10.4.43 ELTS TYPO3 versions prior to 11.5.35 LTS TYPO3 versions prior to 12.4.11 LTS TYPO3 versions prior to 13.0.1 Description: In affected...

7.1 CVSS · 7.1 AI score · 0.003 EPSS
Exploits 0 · References 13

Tenable Nessus
added 2024/02/13 12:0 a.m. · 29 views

TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-006)

The version of TYPO3 installed on the remote host is prior to 8.0.0 isImporting = true;. CVE-2024-25121 Note t...

7.1 CVSS · 7 AI score · 0.003 EPSS
Exploits 0 · References 2

OSV
added 2021/08/30 6:15 p.m. · 0 views

CVE-2021-38393

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query....

9.8 CVSS · 6.1 AI score · 0.01647 EPSS
Exploits 0 · References 1

OSV
added 2021/08/30 6:15 p.m. · 1 views

CVE-2021-38390

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query...

9.8 CVSS · 6.1 AI score
Exploits 0 · References 1