SUSE CVE-2013-2479
The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data...
SUSE CVE-2014-0100
Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system wi...
SUSE CVE-2014-0101
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an...
SUSE CVE-2016-3707
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Ech...
SUSE CVE-2020-13775
ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash with a NULL pointer dereference if echo-message is not enabled and there is no network...
SUSE CVE-2020-17443
An issue was discovered in picoTCP 1.7.0. The code for creating ICMPv6 echo replies doesn't check whether the ICMPv6 echo request packet's size is shorter than 8 bytes. If the size of the incoming ICMPv6 request packet is shorter than this, the operation that calculates the size of the ICMPv6...
SUSE CVE-2020-25112
An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet...
SUSE CVE-2022-45411
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...
The Small but Mighty Danger of Echo Chamber Extremism
Research shows that relatively few people exist in perfectly sealed-off media bubbles—but they’re still having an outsize impact on US politics...
Multiple XSS Vulnerabilities in Queue Condition
Description: Cross-Site Scripting (XSS) vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code...
Echo vulnerable to directory traversal
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...
GHSA-J453-HM5X-C46W Echo vulnerable to directory traversal
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...
CVE-2020-36565
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...
CVE-2020-36565 Directory traversal on Windows in github.com/labstack/echo/v4
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...
labstack echo path traversal vulnerability
labstack echo is a high-performance, minimalist Go web framework. A security vulnerability exists in versions of labstack echo before v4.1.18-0.20201215153152-4422e3b66b9f, which stems from incorrect sanitization of user input on Windows, where the static file handler allows for directory...
Canteen Management System security vulnerability
Canteen Management System is a cafeteria management system by individual developer Mayuri K. A security vulnerability exists in Canteen Management System that stems from a problem with the builtinecho function in the file categories.php, which could lead to cross-site scripting...
Canteen Management System security vulnerability
Canteen Management System is a cafeteria management system by individual developer Mayuri K. A security vulnerability exists in Canteen Management System that stems from a problem with the buildinecho function in the file customer.php, which could lead to cross-site scripting...
PT-2022-26491 · Sourcecodester · Sourcecodester Canteen Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Canteen Management System (affected versions not specified). Description: A vulnerability was found in the SourceCodester Canteen Management System, affecting the builtin echo function of the customer.php file. This issue leads to...
Mozilla: Cross-Site Tracing was possible via non-standard override headers
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...