Lucene search
K

59 matches found

Friends Of PHP
Friends Of PHP
added 2016/02/15 6:57 p.m.25 views

Open redirect via double-encoded 'destination' parameter

More info at https://www.drupal.org/SA-CORE-2016-001...

7.4CVSS7.2AI score0.01352EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/02/15 6:57 p.m.23 views

Open redirect via double-encoded 'destination' parameter

More info at https://www.drupal.org/SA-CORE-2016-001...

7.4CVSS7.2AI score0.01352EPSS
Exploits0Affected Software1
UbuntuCve
UbuntuCve
added 2011/09/28 12:0 a.m.31 views

CVE-2011-3848

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request CSR to arbitrary locations via 1 a double-encoded key parameter in the URI in 2.7.x, 2 the CN in the Subject of a CSR in 2.6 and 0.25...

5CVSS6AI score0.01115EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/08/21 12:0 a.m.69 views

Adobe ColdFusion On Apache Double Encoded NULL Byte Request File Content Disclosure

The remote host is running a version of ColdFusion on Apache that is affected by an information disclosure vulnerability. When requesting a non-ColdFusion file, appending a double-encoded null byte and an extension handled by ColdFusion such as '.cfm' will display the contents of that file. A...

5CVSS5.7AI score0.02805EPSS
Exploits0References2
Cvelist
Cvelist
added 2009/08/18 10:0 p.m.23 views

CVE-2009-1876

Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability."...

6.1AI score0.02805EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2008/06/30 3:33 p.m.6 views

mod_jk sends decoded URL to tomcat

modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...

5CVSS5.9AI score0.12924EPSS
Exploits1References4
NVD
NVD
added 2008/01/03 10:46 p.m.16 views

CVE-2007-6612

Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences ".%252e"...

6.4CVSS6.6AI score0.03003EPSS
Exploits1References12
Prion
Prion
added 2008/01/03 10:46 p.m.11 views

Directory traversal

Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences ".%252e"...

6.4CVSS6.8AI score0.03003EPSS
Exploits1References12Affected Software1
NVD
NVD
added 2007/05/25 6:30 p.m.33 views

CVE-2007-1860

modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...

5CVSS6.4AI score0.12924EPSS
Exploits1References34
Cvelist
Cvelist
added 2007/05/25 6:0 p.m.45 views

CVE-2007-1860

modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...

6.3AI score0.12924EPSS
Exploits1References34
Tenable Nessus
Tenable Nessus
added 2007/02/08 12:0 a.m.84 views

ColdFusion / JRun on IIS Double Encoded NULL Byte Request File Content Disclosure

The version of ColdFusion running on the remote host allows an attacker to view the contents of files not interpreted by ColdFusion itself and hosted on the affected system. The problem is due to the fact that with ColdFusion, URL-encoded filenames are decoded first by IIS and then again by...

5CVSS5.5AI score0.12908EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2006/10/10 4:6 a.m.26 views

CVE-2006-5219

SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter...

5.1CVSS6.2AI score0.02127EPSS
Exploits1References1
NVD
NVD
added 2006/10/10 4:6 a.m.19 views

CVE-2006-5219

SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter...

5.1CVSS8.3AI score0.02127EPSS
Exploits1References9
Cvelist
Cvelist
added 2006/10/09 10:0 p.m.23 views

CVE-2006-5219

SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter...

8.3AI score0.02127EPSS
Exploits1References9
CVE
CVE
added 2005/05/10 4:0 a.m.51 views

CVE-2004-1939

CVE-2004-1939 affects Zaep AntiSpam 2.0. The vulnerability is a cross-site scripting (XSS) flaw in the key parameter, exploitable via double-encoded slashes (%252F). The NVD metrics show a base score of 4.3 (medium) with network attack vector, no confidentiality impact, partial integrity impact, ...

4.3CVSS6AI score0.01739EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2005/05/10 4:0 a.m.20 views

CVE-2004-1939

Cross-site scripting XSS vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes %252F in the key parameter...

5.7AI score0.01739EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/04/16 4:0 a.m.21 views

CVE-2005-1122

Format string vulnerability in cgi.c for Monkey daemon monkeyd before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers aka "double expansion error"...

7.7AI score0.02688EPSS
Exploits0References4
CVE
CVE
added 2005/04/16 4:0 a.m.46 views

CVE-2005-1122

The CVE-2005-1122 entry concerns the Monkey HTTP Server component monkeyd, specifically a format string vulnerability in cgi.c prior to version 0.9.1. A remote attacker can trigger a denial of service and potentially arbitrary code execution by sending an HTTP GET request containing double-encode...

7.5CVSS7.7AI score0.02688EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2004/04/14 4:0 a.m.18 views

CVE-2004-1939

Cross-site scripting XSS vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes %252F in the key parameter...

4.3CVSS5.7AI score0.01739EPSS
Exploits0References5
Rows per page
Query Builder