54 matches found
UBUNTU-CVE-2023-45142
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
Design/Logic Flaw
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
Sql injection
The eotags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header...
GHSA-83M2-9G78-RRJ4 Apache Ranger Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...
Directum Cross-Site Scripting Vulnerability
Directum is an application system of the Russian company Directum. An intelligent digital process and documentation system. A cross-site scripting vulnerability exists in Settings.aspx?view=About in Directum version 5.8.2. An attacker can exploit this vulnerability via the HTTP User-Agent header ...
Cross site scripting
Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header...
CVE-2021-31794
Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header...
container-tools:2.0 security update
buildah 1.11.6-8.0.1 - Reduce unnecessary writable mounts in NaiveDiffDriver Orabug: 31025483 - Fixes troubles with oracle registry login Orabug: 29937283 1.11.6-8 - exclude i686 arch - Related: 1821193 1.11.6-7 - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file...
container-tools:1.0 security update
buildah 1.5-8.gite94b4f9.0.1 - Fixes troubles with oracle registry login Orabug: 29937283 1.5-8.gite94b4f9 - bump release to preserve upgrade path - Related: 1821193 1.5-4.gite94b4f9 - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build proces...
Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure
!/usr/bin/perl Amovision AM-Q6320-WIFI HD Camera Remote Configuration Disclosure Copyright 2020 c Todor Donev https://donev.eu/ Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...
container-tools:ol8 security, bug fix, and enhancement update
buildah 1.11.6-4.0.1 - Fixes troubles with oracle registry login Orabug: 29937283 1.11.6-4 - compile in FIPS mode - Related: RHELPLAN-25138 1.11.6-3 - be sure to use golang = 1.12.12-4 - Related: RHELPLAN-25138 1.11.6-2 - fix chroot: unmount with MNTDETACH instead of UnmountMountpoints - bug...
Design/Logic Flaw
b3log Symphony aka Sym before 3.6.0 has XSS via the HTTP User-Agent header...
CVE-2019-17488
CVE-2019-17488 affects b3log Symphony (Sym) before 3.6.0, where a cross-site scripting (XSS) vulnerability exists via the HTTP User-Agent header. The connected CNVD entry notes the root cause as lack of proper validation of client-side data by the web application, enabling potential client-side c...
Sql injection
core/MYSecurity.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrfcsz parameter...
CVE-2019-13086
core/MYSecurity.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrfcsz parameter...
CVE-2019-13086
CSZ CMS 1.2.2 (before 2019-06-20) contains a SQL injection in core/MY_Security.php at the member/login/check path, triggered by a crafted HTTP User-Agent header and omission of the csrf_csz parameter. Root cause: lack of validation/sanitization in the SQL statement when processing the User-Agent ...
Securimage HTML Injection Vulnerability
Securimage is an open source free PHP CAPTCHA script for generating complex CAPTCHA images and CAPTCHA code. An HTML injection vulnerability exists in Securimage 3.6.4 and earlier versions. A remote attacker can send the '$SERVER'HTTPUSERAGENT'' parameter to the exampleform.ajax.php or...
CVE-2015-0265
Cross-site scripting XSS vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...
Cross site scripting
Cross-site scripting XSS vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...
CVE-2015-0265
Cross-site scripting XSS vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...