2994 matches found
GHSA-4G42-GQRG-4633 Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory OOM owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set...
SUSE CVE-2023-30798
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...
Reflected XSS Vulnerability at `_detail/?lang` parameter
Description Reflected XSS vulnerability allows attackers to exploit the trust placed by a web application in user-supplied input, such as query parameters or form fields. In this case, the vulnerability was found in the following URL: https://www.dokuwiki.org/detail/?lang=1"alertdocument.domain...
GHSA-3QJ8-93XH-PWH2 Duplicate Advisory: Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-74m5-2c7w-9w3x. This link is maintained to preserve external references. Original Description There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated a...
PYSEC-2023-48
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...
CVE-2023-30798
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...
Starlette 资源管理错误漏洞
Starlette is Encode open source a lightweight ASGI framework/toolkit . Very suitable for building asynchronous web services with Python . Encode Starlette 0.25.0 before the version has a security vulnerability . An attacker exploited the vulnerability to specify an arbitrary number of form fields...
CVE-2023-29189
SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...
CVE-2023-29189
SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...
Code injection
SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...
CVE-2023-29189 HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)
SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...
CVE-2023-29189
CVE-2023-29189 affects SAP CRM (WebClient UI) across multiple versions (S4FND 102–107, WEBCUIF, 700–801). The root cause is an issue in the web server handling where HTTP verbs can be modified by an authenticated attacker, with the application exposed over the network. Consequence: exposure of fo...
PT-2023-22191 · Sap · Sap Crm
Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801 Description: The issue allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This...
SAP CRM 安全漏洞
SAP CRM is a customer relationship management system from SAP, Germany. A security vulnerability exists in SAP CRM WebClient UI that originates from a vulnerability that allows an attacker to modify the HTTP verbs used in a request via a web server, which could lead to the exposure of form fields...
SAS Admin Console 跨站脚本漏洞
Sas Institute SAS Admin Console is an advanced analytics and business intelligence platform from Sas Institute, Inc. A security vulnerability exists in SAS Admin Console version 9.4, which stems from insufficient validation and cleaning of data entry for user-created and edited form fields...
CVE-2023-22249
Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...
CVE-2023-22249 Adobe Commerce Stored XSS Arbitrary code execution
Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...
PT-2023-2049 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.4-p2 and earlier Adobe Commerce versions 2.4.5-p1 and earlier Description: The issue is a stored Cross-Site Scripting XSS vulnerability that could be exploited by a high-privileged attacker to inject malicious...
SUSE CVE-2010-1125
The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus metho...
WEBY 1.2.5 Cross Site Request Forgery
==================================================================================================================================== | Title : WEBY v.1.2.5 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.0.132-bit | | Vendor :...