107 matches found

0day.today
added 2014/04/30 12:0 a.m., 36 views

Lavarel-Security XSS Filter Bypass Vulnerability

Lavarel-Security cross site scripting filter suffers from a bypass vulnerability.
Product: Lavarel-Security XSS Filter Bypass
Vulnerability: Mutation Based XSS Bypass
Impact: Medium/High
Authors: Rafay Baloch
Company: RHAinfoSEC
Website: http://rhainfosec.com
Status: Fixed
=========
Description...

6.8 AI score
Exploits 0
Packet Storm
added 2012/06/05 12:0 a.m., 28 views

WordPress 3.3.2 Cross Site Scripting

There is a persistent XSS vulnerability in WordPress version 3.3.2. However, the severity of this finding is very LOW. The details are as follows: a) Log in to an admin account b) Navigate to Links - Links Categories c) Fill up the required details and intercept the request with Burp Suite. d) Th...

7 AI score
Exploits 0
Packet Storm
added 2008/11/29 12:0 a.m., 22 views

linksys-xss.txt

Linksys WRT160N Wireless Router Double encoding XSS Vulnerability. By David Gil, http://www.infosec.com.mx. Using a double encoding attack you can inject XSS code into an HTTP POST request; a common user can be easily cheated and compromise router password or router configuration...

7.4 AI score
Exploits 0
RedHat Linux
added 2008/05/20 2:12 p.m., 3 views

mod_jk sends decoded URL to tomcat

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and...

5 CVSS, 5.9 AI score, 0.90452 EPSS
Exploits 2, References 4
RedHat Linux
added 2007/05/30 4:27 p.m., 3 views

mod_jk sends decoded URL to tomcat

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and...

5 CVSS, 5.9 AI score, 0.90452 EPSS
Exploits 2, References 4
seebug.org
added 2007/05/27 12:0 a.m., 37 views

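Apache Tomcat JK Web Server Connector Double-Encoded ".." Security Restriction Bypass Vulnerability

Apache Tomcat is a popular open-source JSP application server. Apache Tomcat has a vulnerability in its handling of file requests with malformed encoding, which remote attackers may exploit to bypass access restrictions. The JK Web Server Connector, which connects Tomcat and Apache, does not correctly handle double-encoded ".." strings in URLs. If multiple components (firewall, cache, proxy and Tomcat) process a request, these components should not iteratively decode the request URL multiple times; otherwise the access control rules enforced before the last component may be bypassed. By default mod_jk decodes Apache...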

7.1 AI score
Exploits 0
OSV
added 2007/05/25 6:30 p.m., 3 views

DEBIAN-CVE-2007-1860

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and...

5 CVSS, 6.6 AI score, 0.24507 EPSS
Exploits 2, References 1