98 matches found
EUVD-2026-36524
form-data: CRLF injection in form-data via unescaped multipart field names and filenames...
EUVD-2000-0475
Malware in sbrugna...
EUVD-2015-5187
Malware in sbrugna...
EUVD-2015-5191
Malware in sbrugna...
EUVD-2017-16548
Malware in sbrugna...
EUVD-2022-48059
Malicious code in bioql PyPI...
EUVD-2022-2994
Malicious code in bioql PyPI...
NewStart CGSL MAIN 6.06 : audit Vulnerability (NS-SA-2025-0234)
The remote NewStart CGSL host, running version MAIN 6.06, has audit packages installed that are affected by a vulnerability: - Audit before 2.4.4 in Linux does not sanitize escape characters in filenames. CVE-2015-5186 Note that Nessus has not tested for these issues but has instead relied only o...
Improper Neutralization of Escape Characters
Overview: mkdocs-include-markdown-plugin is a MkDocs Markdown includer plugin. Affected versions of this package are vulnerable to Improper Neutralization of Escape Characters in the placeholder substitution process. An attacker can cause unintended modifications to output or disrupt application...
USN-7781-1: Inetutils vulnerabilities
Matthew Hickey discovered that Inetutils did not correctly handle certain escape characters. An attacker could possibly use this issue to cause a denial of service. CVE-2019-0053 It was discovered that Inetutils did not correctly handle certain memory operations. An attacker could possibly use th...
CLSA-2025-1758035415 httpd: Fix of 2 CVEs
CVE-2024-47252: escape characters are now properly handled in mod_ssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP desynchronisation attack...
httpd: insufficient escaping of user-supplied data in mod_ssl
A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to...
CVE-2024-47252
A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to...
CVE-2024-47252
Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables...
CVE-2024-47252 Apache HTTP Server: mod_ssl error log variable escaping
Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Response Content-Type parameter. An attacker can execute arbitrary scripts in the context of the victim's browser session by manipulating the content type of responses. PoC...
CVE-2025-0975
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters...
CVE-2025-0975
CVE-2025-0975 affects IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console and is caused by improper neutralization of escape characters. An authenticated user could execute code on vulnerable installations. The issue is confirmed in IBM MQ console components; no exploitation specifics are provide...