59 matches found
Open redirect via double-encoded 'destination' parameter
More info at https://www.drupal.org/SA-CORE-2016-001...
Open redirect via double-encoded 'destination' parameter
More info at https://www.drupal.org/SA-CORE-2016-001...
CVE-2011-3848
Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request CSR to arbitrary locations via 1 a double-encoded key parameter in the URI in 2.7.x, 2 the CN in the Subject of a CSR in 2.6 and 0.25...
Adobe ColdFusion On Apache Double Encoded NULL Byte Request File Content Disclosure
The remote host is running a version of ColdFusion on Apache that is affected by an information disclosure vulnerability. When requesting a non-ColdFusion file, appending a double-encoded null byte and an extension handled by ColdFusion such as '.cfm' will display the contents of that file. A...
CVE-2009-1876
Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability."...
mod_jk sends decoded URL to tomcat
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
CVE-2007-6612
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences ".%252e"...
Directory traversal
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences ".%252e"...
CVE-2007-1860
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
CVE-2007-1860
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
ColdFusion / JRun on IIS Double Encoded NULL Byte Request File Content Disclosure
The version of ColdFusion running on the remote host allows an attacker to view the contents of files not interpreted by ColdFusion itself and hosted on the affected system. The problem is due to the fact that with ColdFusion, URL-encoded filenames are decoded first by IIS and then again by...
CVE-2006-5219
SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter...
CVE-2006-5219
SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter...
CVE-2006-5219
SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter...
CVE-2004-1939
CVE-2004-1939 affects Zaep AntiSpam 2.0. The vulnerability is a cross-site scripting (XSS) flaw in the key parameter, exploitable via double-encoded slashes (%252F). The NVD metrics show a base score of 4.3 (medium) with network attack vector, no confidentiality impact, partial integrity impact, ...
CVE-2004-1939
Cross-site scripting XSS vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes %252F in the key parameter...
CVE-2005-1122
Format string vulnerability in cgi.c for Monkey daemon monkeyd before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers aka "double expansion error"...
CVE-2005-1122
The CVE-2005-1122 entry concerns the Monkey HTTP Server component monkeyd, specifically a format string vulnerability in cgi.c prior to version 0.9.1. A remote attacker can trigger a denial of service and potentially arbitrary code execution by sending an HTTP GET request containing double-encode...
CVE-2004-1939
Cross-site scripting XSS vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes %252F in the key parameter...