Lucene search
+L

2994 matches found

OSV
OSV
added 2023/06/14 9:30 a.m.3 views

GHSA-4G42-GQRG-4633 Apache Struts vulnerable to memory exhaustion

Denial of service via out of memory OOM owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set...

7.5CVSS5.9AI score0.05467EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/06/06 2:15 a.m.13 views

SUSE CVE-2023-30798

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5CVSS7AI score0.01288EPSS
Exploits0References3
Huntr
Huntr
added 2023/05/27 5:43 a.m.15 views

Reflected XSS Vulnerability at `_detail/?lang` parameter

Description Reflected XSS vulnerability allows attackers to exploit the trust placed by a web application in user-supplied input, such as query parameters or form fields. In this case, the vulnerability was found in the following URL: https://www.dokuwiki.org/detail/?lang=1"alertdocument.domain...

6.3AI score
Exploits0References1
OSV
OSV
added 2023/04/21 6:30 p.m.81 views

GHSA-3QJ8-93XH-PWH2 Duplicate Advisory: Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-74m5-2c7w-9w3x. This link is maintained to preserve external references. Original Description There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated a...

7.5CVSS7.3AI score0.01288EPSS
Exploits0References5
PyPA
PyPA
added 2023/04/21 4:15 p.m.5 views

PYSEC-2023-48

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5CVSS7AI score0.01288EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2023/04/21 3:27 p.m.63 views

CVE-2023-30798

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...

7.5CVSS7.2AI score0.01288EPSS
Exploits0
CNNVD
CNNVD
added 2023/04/21 12:0 a.m.5 views

Starlette 资源管理错误漏洞

Starlette is Encode open source a lightweight ASGI framework/toolkit . Very suitable for building asynchronous web services with Python . Encode Starlette 0.25.0 before the version has a security vulnerability . An attacker exploited the vulnerability to specify an arbitrary number of form fields...

7.5CVSS7.3AI score0.01288EPSS
Exploits0References4
OSV
OSV
added 2023/04/11 4:16 a.m.5 views

CVE-2023-29189

SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...

5.4CVSS6.1AI score0.00442EPSS
Exploits0References2
NVD
NVD
added 2023/04/11 4:16 a.m.30 views

CVE-2023-29189

SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...

5.4CVSS5.3AI score0.00442EPSS
Exploits0References2
Prion
Prion
added 2023/04/11 4:16 a.m.24 views

Code injection

SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...

5.5CVSS5.4AI score0.00442EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2023/04/11 3:11 a.m.38 views

CVE-2023-29189 HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)

SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...

5.4CVSS5.7AI score0.00442EPSS
Exploits0References2
CVE
CVE
added 2023/04/11 3:11 a.m.54 views

CVE-2023-29189

CVE-2023-29189 affects SAP CRM (WebClient UI) across multiple versions (S4FND 102–107, WEBCUIF, 700–801). The root cause is an issue in the web server handling where HTTP verbs can be modified by an authenticated attacker, with the application exposed over the network. Consequence: exposure of fo...

5.4CVSS5.3AI score0.00442EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.5 views

PT-2023-22191 · Sap · Sap Crm

Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801 Description: The issue allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This...

5.4CVSS5.2AI score0.00442EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.5 views

SAP CRM 安全漏洞

SAP CRM is a customer relationship management system from SAP, Germany. A security vulnerability exists in SAP CRM WebClient UI that originates from a vulnerability that allows an attacker to modify the HTTP verbs used in a request via a web server, which could lead to the exposure of form fields...

5.4CVSS5.7AI score0.00442EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/03 12:0 a.m.6 views

SAS Admin Console 跨站脚本漏洞

Sas Institute SAS Admin Console is an advanced analytics and business intelligence platform from Sas Institute, Inc. A security vulnerability exists in SAS Admin Console version 9.4, which stems from insufficient validation and cleaning of data entry for user-created and edited form fields...

5.4CVSS5.7AI score0.00596EPSS
Exploits0References4
NVD
NVD
added 2023/03/27 9:15 p.m.22 views

CVE-2023-22249

Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...

4.8CVSS4.6AI score0.57424EPSS
Exploits0References1
OSV
OSV
added 2023/03/27 12:0 a.m.20 views

CVE-2023-22249 Adobe Commerce Stored XSS Arbitrary code execution

Adobe Commerce versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...

4.8CVSS5.9AI score0.57424EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.5 views

PT-2023-2049 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.4-p2 and earlier Adobe Commerce versions 2.4.5-p1 and earlier Description: The issue is a stored Cross-Site Scripting XSS vulnerability that could be exploited by a high-privileged attacker to inject malicious...

5.5CVSS4.9AI score0.57424EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.4 views

SUSE CVE-2010-1125

The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus metho...

5.8CVSS8.9AI score0.02018EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2023/02/10 12:0 a.m.296 views

WEBY 1.2.5 Cross Site Request Forgery

==================================================================================================================================== | Title : WEBY v.1.2.5 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.0.132-bit | | Vendor :...

0.8AI score
Exploits0
Rows per page
Query Builder