4422 matches found
Google Chrome Input Validation Error Vulnerability
Google Chrome is a web browser from Google, an American company. An input validation error vulnerability exists in the DevTools component of Google Chrome versions prior to 105.0.5195.125. An attacker can exploit this vulnerability to convince users to install a malicious extension that bypasses...
Google Chrome Buffer Error Vulnerability
Google Chrome is a web browser from Google, an American company. A heap buffer overflow vulnerability exists in the Internals component of Google Chrome versions prior to 105.0.5195.125. An attacker can exploit this vulnerability to leverage heap corruption via specially crafted HTML pages...
GLPI Cross-Site Scripting Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
jquery: Cross-site scripting due to improper jQuery.htmlPrefilter method
A cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...
The vulnerability of the User Interface sub-component of the Oracle WebCenter Sites Support Tools software platform allows a malicious individual to gain unauthorized access to read, modify, or add data, or to cause service interruptions.
The vulnerability of the User Interface sub-component of the Oracle WebCenter Sites Support Tools software platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, or add...
The vulnerability of the Integration Broker component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Integration Broker component in the Oracle PeopleSoft Enterprise PeopleTools business application exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information using the HTTP...
The vulnerability of the Access Request sub-component of the Oracle iReceivables component in the Oracle E-Business Suite automation system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Access Request subcomponent of the Oracle iReceivables component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected informati...
The vulnerability of the Worklist sub-component of the Workflow component in the Oracle E-Business Suite allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the Worklist sub-component of the Workflow component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the...
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...
CVE-2022-37953
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST v07.09.15 and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantl...
PT-2022-23924 · Rsa · Archer Platform
Name of the Vulnerable Software and Affected Versions: Archer Platform versions prior to 6.11 P3. Archer Platform version 6.10 P4 is not affected; however, versions prior to 6.10 P4 are affected. Description: The issue allows an authenticated remote attacker to potentially exploit an HTML injection...
PT-2022-17348
Name of the Vulnerable Software and Affected Versions: Duplicator WordPress plugin versions prior to 1.4.7. Description: The issue concerns the lack of authentication or authorization for visitors, allowing them to view sensitive system information, including server software, PHP version, and the fu...
The vulnerability of the BI Publisher Security component of the Oracle BI Publisher reporting tool, related to code errors, allows an attacker to gain read access to data.
The vulnerability of the BI Publisher Security component of the Oracle BI Publisher reporting tool is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data through HTTP requests...
WWBN AVideo Security Vulnerability
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo version 11.6. An attacker exploits the vulnerability to access and take over resources via specially crafted HTTP requests...
The vulnerability of the Clientless SSL VPN (WebVPN) component of the Cisco Adaptive Security Appliance Software (ASA) allows an attacker to perform an “HTTP request hijacking” attack.
The vulnerability of the Clientless SSL VPN (WebVPN) component of the Cisco Adaptive Security Appliance Software (ASA) relates to deficiencies in HTTP request processing. Exploiting this vulnerability could allow a malicious actor to carry out an “HTTP request hijacking” attack...
The vulnerability of the HTTP/2 protocol implementation in the Apache Traffic Server allows an attacker to execute arbitrary code.
The vulnerability of the HTTP/2 protocol implementation in the Apache Traffic Server web server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
AZL-79116 CVE-2022-1705 affecting package golang 1.25.7-1
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...
UBUNTU-CVE-2022-1705
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...
CVE-2022-31780
Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...