
16602 matches found

NVD
added 2023/06/01 9:15 p.m. | 8 views

CVE-2023-27639

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter filename in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to...

CVSS 7.5 | AI score 7.5 | EPSS 0.03551
Exploits: 1 | References: 1

Prion
added 2023/06/01 9:15 p.m. | 14 views

Open redirect

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter filename in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to...

CVSS 5 | AI score 7.5 | EPSS 0.03551
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2023/06/01 9:15 p.m. | 20 views

Open redirect

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files...

CVSS 5 | AI score 7.5 | EPSS 0.03573
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2023/06/01 12:00 a.m. | 65 views

CVE-2023-27639

Summary of CVE-2023-27639 (PrestaShop Tshirtecommerce) The Custom Product Designer (tshirtecommerce) module for PrestaShop, version 2.1.4 and earlier, allows an HTTP request to be forged via the POST parameter file_name in the endpoint tshirtecommerce/ajax.php?type=svg. This enables a remote atta...

CVSS 7.5 | AI score 7.5 | EPSS 0.03551
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/06/01 12:00 a.m. | 6 views

CVE-2023-27639

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter filename in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to...

AI score 7.5 | EPSS 0.03551
Exploits: 1 | References: 1

Cvelist
added 2023/06/01 12:00 a.m. | 20 views

CVE-2023-27639

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter filename in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to...

AI score 7.7 | EPSS 0.03551
Exploits: 1 | References: 1

Cvelist
added 2023/06/01 12:00 a.m. | 26 views

CVE-2023-27640

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files...

AI score 7.7 | EPSS 0.03573
Exploits: 1 | References: 1

CVE
added 2023/06/01 12:00 a.m. | 89 views

CVE-2023-27640

The PrestaShop module tshirtecommerce (Custom Product Designer) version 2.1.4 is affected by a directory traversal vulnerability in the fonts.php endpoint. An attacker can forge HTTP requests using the POST parameter type (and related GET parameters) to traverse the server’s file system and read ...

CVSS 7.5 | AI score 7.5 | EPSS 0.03573
In wild | Exploits: 1 | References: 1 | Affected Software: 1

OpenVAS
added 2023/06/01 12:00 a.m. | 47 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1998)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.1 | EPSS 0.8377
Exploits: 5 | References: 2

OpenVAS
added 2023/06/01 12:00 a.m. | 41 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2019)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.1 | EPSS 0.8377
Exploits: 5 | References: 2

Tenable Nessus
added 2023/05/31 12:00 a.m. | 25 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.18-openssl (SUSE-SU-2023:2312-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2312-1 advisory. - Add subpackage go1.x-libstd compiled shared object libstd.so jscPED-1962 Main go1.x package...

CVSS 7.8 | AI score 7 | EPSS 0.05623
Exploits: 9 | References: 88

0day.today
added 2023/05/31 12:00 a.m. | 334 views

Pydio Cells 4.1.2 - Unauthorised Role Assignments Vulnerability

Exploit Title: Pydio Cells 4.1.2 - Unauthorised Role Assignments Affected Versions: 4.1.2 and earlier versions Fixed Versions: 4.2.0, 4.1.3, 3.0.12 Vulnerability Type: Privilege Escalation Security Risk: high Vendor URL: https://pydio.com/ Vendor Status: notified Advisory URL:...

CVSS 8.8 | AI score 7.1 | EPSS 0.14197
Exploits: 6

OSV
added 2023/05/30 6:30 p.m. | 8 views

GHSA-MJ6P-3PC9-WF5M proxy denial of service vulnerability

A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception...

CVSS 7.5 | AI score 7.2 | EPSS 0.01478
Exploits: 1 | References: 5

Github Security Blog
added 2023/05/30 6:30 p.m. | 20 views

proxy denial of service vulnerability

A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception...

CVSS 7.5 | AI score 7.2 | EPSS 0.01478
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2023/05/30 6:15 p.m. | 26 views

CVE-2023-2968

A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception...

CVSS 7.5 | AI score 7.4 | EPSS 0.01478
Exploits: 1 | References: 1

Prion
added 2023/05/30 6:15 p.m. | 20 views

Code injection

A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception...

CVSS 5 | AI score 7.4 | EPSS 0.01478
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2023/05/30 5:37 p.m. | 26 views

CVE-2023-2968 Undefined variable usage in npm package "proxy" leads to remote denial of service

A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception...

CVSS 7.5 | AI score 7.6 | EPSS 0.01478
Exploits: 1 | References: 1

CVE
added 2023/05/30 5:37 p.m. | 61 views

CVE-2023-2968

CVE-2023-2968 corresponds to a DoS flaw in the npm package proxy (TooTallNate proxy-agents) caused by using an undefined variable in socket.remoteAddress, which raises a TypeError when processing crafted HTTP requests. The vulnerability allows remote attackers to trigger denial of service without...

CVSS 7.5 | AI score 7.4 | EPSS 0.01478
Exploits: 1 | References: 1 | Affected Software: 1

IBM Security Bulletins
added 2023/05/30 1:29 p.m. | 136 views

Security Bulletin: Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to HTTP request splitting attacks (CVE-2023-25690)

Summary Apache HTTP Server as used by IBM QRadar SIEM is vulnerable to HTTP request splitting attacks. IBM has addressed the relevant vulnerability Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when...

CVSS 9.8 | AI score 9.3 | EPSS 0.8377
Exploits: 5 | Affected Software: 1

Tenable Nessus
added 2023/05/30 12:00 a.m. | 49 views

GLSA-202305-37 : Apache Tomcat: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-37 Apache Tomcat: Multiple Vulnerabilities - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to...

CVSS 7.5 | AI score 7.4 | EPSS 0.51547
Exploits: 1 | References: 9