19 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-3071

Malware in sbrugna...

7.5 CVSS | 7.4 AI score | 0.02362 EPSS
Exploits 0 | References 11

Veracode
added 2024/12/04 11:50 a.m. | 13 views

Arbitrary File Read

craftcms/cms is vulnerable to arbitrary file read. The vulnerability is due to the exploitation of the dataUrl function, which allows attackers with write permissions on system notification templates to embed and exfiltrate Base64-encoded file content via triggered email notifications...

7.7 CVSS | 6.8 AI score | 0.00428 EPSS
Exploits 1 | References 3 | Affected Software 1

OSV
added 2024/05/23 2:57 p.m. | 9 views

GHSA-R32J-MR8P-HFP8 Silverstripe XSS in TreeDropdownField and TreeMultiSelectField

A cross-site scripting vulnerability has been discovered in the TreeDropdownField and TreeMultiSelectField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the dataobjects used as a data source for either of these fields. This...

6.1 CVSS | 6.4 AI score
Exploits 0 | References 4

CNNVD
added 2024/03/26 12:0 a.m. | 1 views

Fluent Bit Security Vulnerability

Fluent Bit is an open source log processing and analyzing system written in C. A security vulnerability exists in Fluent Bit versions 2.1.8 through 2.2.1 that stems from a null pointer dereference vulnerability that allows an attacker to construct an invalid HTTP with a content type of...

7.5 CVSS | 7.4 AI score | 0.00879 EPSS
Exploits 2 | References 3

OSV
added 2024/03/07 2:0 p.m. | 1 views

USN-6682-1 puma vulnerabilities

ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11076) It was discovered that Puma incorrectly handled parsing certain header...

9.8 CVSS | 6.7 AI score | 0.0246 EPSS
Exploits 0 | References 7

SUSE CVE
added 2023/02/15 6:13 a.m. | 1 views

SUSE CVE-2006-6406

Clam AntiVirus ClamAV 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file...

5 CVSS | 6.9 AI score | 0.02372 EPSS
Exploits 1 | References 4

OSV
added 2022/09/20 7:15 a.m. | 1 views

DEBIAN-CVE-2022-39956

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

9.8 CVSS | 7.6 AI score | 0.00119 EPSS
Exploits 0 | References 1

Prion
added 2016/04/12 3:59 p.m. | 15 views

Arbitrary file deletion

The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."...

8.5 CVSS | 7.3 AI score | 0.00535 EPSS
Exploits 0 | References 4 | Affected Software 2

Debian CVE
added 2016/04/12 3:0 p.m. | 21 views

CVE-2016-3168

Removed by vendor...

8.5 CVSS | 6.7 AI score | 0.00535 EPSS
Exploits 0

OSV
added 2016/01/27 8:59 p.m. | 5 views

CVE-2016-1982

The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content...

7.5 CVSS | 7.3 AI score
Exploits 0 | References 6

NVD
added 2016/01/27 8:59 p.m. | 17 views

CVE-2016-1982

The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content...

7.5 CVSS | 7.2 AI score | 0.02362 EPSS
Exploits 0 | References 6

Prion
added 2016/01/27 8:59 p.m. | 20 views

Design/Logic Flaw

The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content...

5 CVSS | 6.9 AI score | 0.02362 EPSS
Exploits 0 | References 6 | Affected Software 1

CVE
added 2016/01/27 8:0 p.m. | 68 views

CVE-2016-1982

Affected software / component: Privoxy (filters.c, remove_chunked_transfer_coding). Vulnerability: Remote attackers can trigger a denial of service (invalid read and crash) by sending crafted chunk-encoded content. This impacts Privoxy versions before 3.0.24. Impact: Denial of Service via crafted...

7.5 CVSS | 7.1 AI score | 0.02362 EPSS
Exploits 0 | References 6 | Affected Software 1

OSV
added 2016/01/23 12:0 a.m. | 25 views

DLA-398-1 privoxy - security update

Bulletin has no description...

7.5 CVSS | 7.4 AI score | 0.02362 EPSS
Exploits 0

NVD
added 2015/09/01 2:59 p.m. | 7 views

CVE-2015-6737

Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content...

4.3 CVSS | 5.5 AI score | 0.00407 EPSS
Exploits 0 | References 6

Prion
added 2015/09/01 2:59 p.m. | 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content...

4.3 CVSS | 6 AI score | 0.00407 EPSS
Exploits 0 | References 6

CVE
added 2015/09/01 2:0 p.m. | 48 views

CVE-2015-6737

CVE-2015-6737 is a MediaWiki Widgets extension XSS vulnerability. Remote attackers could inject arbitrary script/HTML via base64-encoded content. Affected: MediaWiki Widgets extension. Root cause: cross-site scripting in the Widgets template. Impact documented as possible remote code execution vi...

4.3 CVSS | 5.5 AI score | 0.00407 EPSS
Exploits 0 | References 6 | Affected Software 1

CNVD
added 2015/05/11 12:0 a.m. | 2 views

F5 BIG-IP Application Security Manager JSON Content Handling ASM Filter Bypass Vulnerability

F5 BIG-IP is an application switch. The F5 BIG-IP Application Security Manager (ASM) JSON parser fails to properly filter URL-encoded content, allowing remote attackers to exploit a vulnerability to bypass security filters...

7 AI score
Exploits 0 | References 1

Atlassian
added 2010/04/22 5:28 a.m. | 15 views

Only strings are encoded

The XML encoder only encodes strings. This could make Confluence return non-encoded content. This issue is rated HIGH. Please see http://confluence.atlassian.com/x/ZILmD for more security-related issues and more information on how we rate issues...

0.3 AI score
Exploits 0 | Affected Software 1