30 matches found
EUVD-2021-14174
Malware in sbrugna...
EUVD-2023-0203
Malicious code in bioql PyPI...
EUVD-2023-32790
Malicious code in bioql PyPI...
CVE-2023-29189
SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...
CVE-2021-27420
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...
BIT-CODEIGNITER-2022-24712
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery CSRF protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for...
CVE-2023-42457
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less...
Server side request forgery (ssrf)
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less...
CVE-2023-42457
The CVE-2023-42457 issue affects the plone.rest component of Plone. When the ++api++ traverser is accidentally used multiple times in a URL on the 2.x branch (before 2.0.1) and the 3.x branch (before 3.0.1), request handling becomes progressively slower, causing a Denial of Service risk by reduci...
CVE-2023-42457 plone.rest vulnerable to Denial of Service when ++api++ is used many times
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less...
CVE-2023-42457 plone.rest vulnerable to Denial of Service when ++api++ is used many times
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less...
CVE-2023-42457 plone.rest vulnerable to Denial of Service when ++api++ is used many times
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less...
CVE-2023-29189
SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...
Code injection
SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...
CVE-2023-29189
CVE-2023-29189 affects SAP CRM (WebClient UI) across multiple versions (S4FND 102–107, WEBCUIF, 700–801). The root cause is an issue in the web server handling where HTTP verbs can be modified by an authenticated attacker, with the application exposed over the network. Consequence: exposure of fo...
CVE-2021-27420
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...
CVE-2021-27420
CVE-2021-27420 affects GE UR firmware prior to 8.1x, where the web server improperly handles unsupported HTTP verbs, causing the web server to become temporarily unresponsive though the relay remains functional. The vulnerability is documented across multiple connected sources (e.g., Nessus plugi...
CVE-2021-27420 GE UR family input validation
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...
GHSA-4V37-24GM-H554 Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
Impact This vulnerability might allow remote attackers to bypass the CodeIgniter4 CSRF protection mechanism. Patches Upgrade to v4.1.9 or later. Workarounds These are workarounds for this vulnerability, but you will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF...
Cross site request forgery (csrf)
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery CSRF protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for...