encoded_id-rails Security Vulnerability
encoded_id-rails is a library by the individual developer Stephen Ierodiaconou. A security vulnerability exists in versions of encoded_id-rails prior to 1.0.0.beta2: a denial of service caused by a long encoded ID in a URI...
Siemens Desigo PXM Devices Improper Neutralization of Encoded Uri Schemes in a Web Page (CVE-2022-40181)
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...
GHSA-M7XJ-CCQC-P4G2 Apache Tomcat Directory Traversal vulnerability
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than...
GHSA-VJV5-GP2W-65VM Encoded URIs can access WEB-INF directory in Eclipse Jetty
Description URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. Impact The default compliance mode allows requests with UR...
Directory traversal
Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f encoded dot dot slash to the default URI...
Directory traversal
Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f encoded slash dot dot slash in a URI...
CVE-2006-3921
Sun Java System Application Server SJSAS 7 through 8.1 and Web Server SJSWS 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI...
CVE-2006-0019
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI...
Apple Safari 1.x - Cookie Directory Traversal
source: https://www.securityfocus.com/bid/9841/info Multiple vendor Internet Browsers have been reported to be prone to a cookie path argument restriction bypass vulnerability. The issue presents itself due to a failure to properly sanitize encoded URI content; this may make it possible for an...