
4410 matches found

CNNVD
added 2021/10/19 12:00 a.m. · 1 view

Oracle WebLogic Server input validation error vulnerability

Oracle WebLogic Server is an Oracle application services middleware for cloud and traditional environments that provides a modern, lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application deployment an...

CVSS 5.3 · AI score 6.8 · EPSS 0.01183
Exploits 0 · References 5
CNNVD
added 2021/10/19 12:00 a.m. · 1 view

Oracle Essbase security vulnerability

Oracle Essbase is an application from Oracle Corporation. It enables organizations to quickly generate insights from multidimensional data sets using what-if analysis and data visualization tools. A security vulnerability exists in Oracle Essbase's Essbase Administration Services product that...

CVSS 5.3 · AI score 6.7 · EPSS 0.00771
Exploits 0 · References 3
CNNVD
added 2021/10/19 12:00 a.m. · 2 views

Google Chrome resource management error vulnerability

Chrome is a web browser developed by Google. A use-after-free vulnerability exists in Profiles in Google Chrome versions prior to 95.0.4638.54. A remote attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...

CVSS 8.8 · AI score 5.7 · EPSS 0.01094
Exploits 0 · References 13
CNNVD
added 2021/10/14 12:00 a.m. · 1 view

LedgerSMB security vulnerability

LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, and more. A security vulnerability exists in LedgerSMB that stems from LedgerSMB not setting the Secure attribute on the session authorization...

CVSS 6.8 · AI score 6.3 · EPSS 0.00116
Exploits 1 · References 3
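The LedgerSMB entry above is about a session cookie issued without the Secure attribute. The following audit routine is an added example, not LedgerSMB's code: it parses Set-Cookie headers and reports the attributes a session cookie needs (Secure, HttpOnly, SameSite, and the __Host- prefix rules). The cookie name LedgerSMB-session and the sample headers are constructed for illustration.

```python
"""Audit Set-Cookie headers for the attributes a session cookie needs.
Added example, not LedgerSMB code; the cookie name and the sample headers
below are constructed for illustration."""
from __future__ import annotations


def parse_set_cookie(header: str) -> tuple[str, dict[str, str]]:
    """Split 'name=value; Attr; Attr=val' into (name, {attr_lower: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs: dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name.strip(), attrs


def audit_cookie(header: str) -> list[str]:
    """Return findings for one Set-Cookie header; an empty list means it passes."""
    name, attrs = parse_set_cookie(header)
    findings: list[str] = []
    if "secure" not in attrs:
        findings.append("missing Secure: the browser will also send it over plaintext HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable from script, so XSS can exfiltrate it")
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: attached to cross-site requests (CSRF)")
    if samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure; modern browsers drop the cookie")
    if name.startswith("__Host-") and (
        "secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs
    ):
        findings.append("__Host- prefix requires Secure, Path=/ and no Domain attribute")
    return findings


def audit_response(headers: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Audit every Set-Cookie header in a (name, value) response header list."""
    return {
        parse_set_cookie(value)[0]: audit_cookie(value)
        for name, value in headers
        if name.lower() == "set-cookie"
    }


# Constructed examples. WEAK mirrors the class of issue in the LedgerSMB
# entry (session cookie without Secure); HARDENED is how it should look.
WEAK = "LedgerSMB-session=5f3a9c; Path=/"
HARDENED = "LedgerSMB-session=5f3a9c; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_cookie(header) or "OK")
```

Secure only stops the browser from sending the cookie over plaintext; it does not stop a network attacker from setting one. Pairing it with HSTS and, where the application allows, the __Host- prefix closes that gap.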
Snyk
added 2021/10/12 5:53 p.m. · 1 view

HTTP Request Smuggling

Overview: puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process...

CVSS 3.7 · AI score 6.9 · EPSS 0.00288
Exploits 0 · References 2
OSV
added 2021/10/08 10:15 p.m. · 2 views

DEBIAN-CVE-2021-37959

Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to engage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 · AI score 8.1 · EPSS 0.00113
Exploits 0 · References 1
Positive Technologies
added 2021/10/06 12:00 a.m. · 2 views

PT-2021-23485 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.36.3
Description: An issue was discovered in the GlobalWatchlist extension where the rev-deleted-user and ntimes messages were not properly escaped, allowing users to inject HTML and JavaScript.
Recommendations:...

CVSS 8.8 · AI score 6 · EPSS 0.01215
Exploits 5 · References 45
CNNVD
added 2021/10/04 12:00 a.m. · 1 view

Forcepoint NGFW Engine security vulnerability

Forcepoint NGFW Engine is a next-generation firewall solution from Forcepoint. A security vulnerability exists in Forcepoint NGFW Engine that originates from a TCP reflection amplification weakness in the affected software when the user configures HTTP User Response...

CVSS 7.5 · AI score 7.3 · EPSS 0.00366
Exploits 0 · References 3
CNNVD
added 2021/09/30 12:00 a.m. · 3 views

Google Chrome resource management error vulnerability

Chrome is a simple and efficient web browser developed by Google. A use-after-free vulnerability exists in V8 in Google Chrome versions prior to 94.0.4606.71. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...

CVSS 8.8 · AI score 8.4 · EPSS 0.62981
Exploits 0 · References 15
OSV
added 2021/09/29 5:18 p.m. · 1 view

GHSA-F794-R6XC-HF3V Improper Access Control in passport-oauth2

The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure error reports, and an application grants...

CVSS 5.3 · AI score 5.9 · EPSS 0.00474
Exploits 0 · References 6
Positive Technologies
added 2021/09/29 12:00 a.m. · 2 views

PT-2021-23387 · Zeek

Name of the Vulnerable Software and Affected Versions: zeek version 4.1.0
Description: An issue was discovered in zeek that involves an HTTP request splitting vulnerability. This vulnerability will invalidate any Zeek HTTP-based security analysis.
Recommendations: For zeek version 4.1.0, at the...

CVSS 8.2 · AI score 7 · EPSS 0.00191
Exploits 1 · References 7
BDU FSTEC
added 2021/09/29 12:00 a.m. · 2 views

The vulnerability of the HTMLparser function in the TYPO3 content management system allows attackers to perform cross-site scripting attacks.

The vulnerability of the HTMLparser function in the TYPO3 content management system exists because measures are not taken to protect the structure of web pages when processing HTML tags and attributes. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

CVSS 6.1 · AI score 6 · EPSS 0.00284
Exploits 0 · References 5 · Affected Software 1
OSV
added 2021/09/16 3:15 p.m. · 2 views

DEBIAN-CVE-2021-39214

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

CVSS 9.8 · AI score 8.2 · EPSS 0.00193
Exploits 0 · References 1
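Both the puma entry and the mitmproxy entry above are HTTP request smuggling: two parsers on the same connection disagree about where one request ends and the next begins. The block below is an added example in Python, not code from either project. It frames a constructed byte stream twice, once like a front end that trusts Content-Length and once like a back end that trusts Transfer-Encoding, and shows the victim's request being swallowed into a smuggled one. The strict mode is the hardened behaviour RFC 7230 §3.3.3 calls for: a message carrying both headers is rejected rather than guessed at. Host names and paths are constructed.

```python
"""CL.TE request smuggling shown as parser behaviour.
Added example; this is not puma's or mitmproxy's code. Host names and paths
are constructed for illustration."""
from __future__ import annotations


def parse_head(buf: bytes, start: int) -> tuple[str, dict[str, str], int]:
    """Parse the request line and headers beginning at `start`.
    Returns (request_line, headers with lower-cased names, body offset)."""
    end = buf.index(b"\r\n\r\n", start)
    lines = buf[start:end].decode("latin-1").split("\r\n")
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, end + 4


def skip_chunked(buf: bytes, pos: int) -> int:
    """Consume a chunked body; return the offset just past the last-chunk
    and its (possibly empty) trailer section."""
    while True:
        line_end = buf.index(b"\r\n", pos)
        size = int(buf[pos:line_end].split(b";")[0], 16)  # ignore chunk extensions
        pos = line_end + 2
        if size == 0:
            while True:  # trailer lines, terminated by a blank line
                line_end = buf.index(b"\r\n", pos)
                if line_end == pos:
                    return pos + 2
                pos = line_end + 2
        pos += size + 2  # chunk data plus its trailing CRLF


def split_requests(buf: bytes, prefer: str, strict: bool = False) -> list[str]:
    """Split a pipelined byte stream into its request lines.

    prefer='content-length' mimics a front end that frames by Content-Length;
    prefer='transfer-encoding' mimics a back end that frames by chunked
    encoding. strict=True is the hardened behaviour: RFC 7230 §3.3.3 treats a
    message carrying both headers as an error, so reject it instead of guessing.
    """
    pos, requests = 0, []
    while pos < len(buf):
        request_line, headers, body = parse_head(buf, pos)
        requests.append(request_line)
        has_te = "chunked" in headers.get("transfer-encoding", "").lower()
        cl = headers.get("content-length")
        if strict and has_te and cl is not None:
            raise ValueError(f"ambiguous framing (CL and TE) in {request_line!r}")
        if has_te and (prefer == "transfer-encoding" or cl is None):
            pos = skip_chunked(buf, body)
        elif cl is not None:
            pos = body + int(cl)
        else:
            pos = body
    return requests


def frames_ambiguously(buf: bytes) -> bool:
    """True if the strict parser would refuse this stream."""
    try:
        split_requests(buf, "transfer-encoding", strict=True)
        return False
    except ValueError:
        return True


# Constructed attacker request. Content-Length (36) covers the chunked
# terminator plus a dangling request prefix; Transfer-Encoding ends the body
# at the 0-chunk, so the back end sees "GET /admin" as a new request whose
# X-Ignore header then swallows the victim's request line.
ATTACKER = (
    b"POST / HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Length: 36\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"GET /admin HTTP/1.1\r\n"
    b"X-Ignore: "
)
VICTIM = b"GET / HTTP/1.1\r\nHost: app.example\r\n\r\n"
STREAM = ATTACKER + VICTIM  # both arrive on one shared back-end connection

if __name__ == "__main__":
    print("front end sees:", split_requests(STREAM, "content-length"))
    print("back end sees: ", split_requests(STREAM, "transfer-encoding"))
    print("strict parser rejects:", frames_ambiguously(STREAM))
```

The front end forwards two ordinary-looking requests; the back end answers the victim's connection with the response to `GET /admin`. Which side "prefers" which header varies by server and version, which is why the fix in both projects is to stop tolerating the ambiguous message at all.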
BDU FSTEC
added 2021/09/15 12:00 a.m. · 3 views

The vulnerability of the NicheLite and InterNiche TCP/IP stacks, related to improper handling of exceptional conditions, allows attackers to cause a denial of service.

The vulnerability of the NicheLite and InterNiche TCP/IP stacks relates to improper handling of exceptional conditions during HTTP request processing. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 7.8 · AI score 7.5 · EPSS 0.02416
Exploits 0 · References 6 · Affected Software 2
BDU FSTEC
added 2021/09/15 12:00 a.m. · 3 views

The vulnerability of the Fortinet FortiPortal security analysis and management tool lies in the lack of validation for XML object sequences, allowing attackers to execute arbitrary SQL commands.

The vulnerability of the Fortinet FortiPortal security analysis and management tool lies in the lack of validation of XML object sequences. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using specially crafted HTTP requests...

CVSS 9.9 · AI score 8.1 · EPSS 0.00491
Exploits 0 · References 4 · Affected Software 1
OSV
added 2021/09/09 10:15 p.m. · 0 views

UBUNTU-CVE-2021-39202

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the cust...

CVSS 7.6 · AI score 5.7 · EPSS 0.00817
Exploits 0 · References 4
CNNVD
added 2021/09/09 12:00 a.m. · 1 view

JEESNS cross-site scripting vulnerability

JEESNS is a social management system built on the Java enterprise platform. The vulnerability can be exploited to execute arbitrary web script or HTML via a specially crafted payload in the header...

CVSS 5.4 · AI score 6 · EPSS 0.0017
Exploits 1 · References 3
CNNVD
added 2021/09/09 12:00 a.m. · 4 views

JEESNS cross-site scripting vulnerability

JEESNS is a social management system built on the Java enterprise platform. An attacker can use this vulnerability to execute arbitrary web script or HTML...

CVSS 6.1 · AI score 6 · EPSS 0.05697
Exploits 1 · References 3
CNNVD
added 2021/09/07 12:00 a.m. · 1 view

Mozilla Firefox buffer error vulnerability

Mozilla Firefox is an open-source web browser from the Mozilla Foundation (U.S.). A buffer overflow vulnerability exists in Mozilla Firefox, stemming from a boundary error in the product's handling of HTML content. A remote attacker could exploit the vulnerability to create a specially crafted W...

CVSS 8.8 · AI score 9 · EPSS 0.00418
Exploits 0 · References 22
BDU FSTEC
added 2021/09/07 12:00 a.m. · 3 views

The vulnerability of the Util/PHP/eval-stdin.php component of the PHPUnit framework, which allows a hacker to execute arbitrary PHP code.

The vulnerability of the Util/PHP/eval-stdin.php component of the PHPUnit framework is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary PHP code using a specially crafted HTTP POST request...

CVSS 10 · AI score 8 · EPSS 0.9421
Exploits 19 · References 4 · Affected Software 1
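With 19 public exploits and an EPSS above 0.9, the PHPUnit entry is one a defender wants to be able to spot in web-server logs after the fact. The block below is an added example in Python, not part of the entry or of PHPUnit: it scans combined-format access log lines for requests whose path ends in Util/PHP/eval-stdin.php, the component the entry names, normalising the path first so percent-encoded variants still match, and ranks a POST that received a 2xx above a mere probe. The log lines, the vendor directory in the sample path and the IP addresses are constructed.

```python
"""Flag access-log requests aimed at PHPUnit's Util/PHP/eval-stdin.php.
Added example; the log lines below are constructed (documentation-range IPs,
an assumed vendor path) and this is not code from the advisory or PHPUnit."""
from __future__ import annotations

import re
from urllib.parse import unquote, urlsplit

# Apache/nginx "combined" log format: the fields we need are up to the status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Match the component the entry names, wherever the vendor tree is mounted.
EVAL_STDIN = re.compile(r"/Util/PHP/eval-stdin\.php$", re.IGNORECASE)


def normalise_path(target: str) -> str:
    """Drop the query string and percent-decode so %2e-style variants match.
    Decoded twice because double encoding is a common filter evasion."""
    return unquote(unquote(urlsplit(target).path))


def classify(method: str, status: int) -> str:
    """A POST that the script answered with 2xx means PHP was handed to eval;
    everything else (GET scans, POSTs that 404'd) is reconnaissance."""
    if method == "POST" and 200 <= status < 300:
        return "likely-exploited"
    return "probe"


def scan_access_log(lines) -> list[dict]:
    """Return one record per line that targets eval-stdin.php."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined line; skip rather than crash
        path = normalise_path(m["target"])
        if EVAL_STDIN.search(path):
            status = int(m["status"])
            hits.append({
                "ip": m["ip"], "ts": m["ts"], "method": m["method"],
                "path": path, "status": status,
                "severity": classify(m["method"], status),
            })
    return hits


# Constructed sample: one successful POST, one unrelated request, one
# percent-encoded GET probe that missed.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Sep/2021:10:15:02 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 41 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Sep/2021:10:15:03 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Sep/2021:10:15:04 +0000] "GET /lib/phpunit/Util/PHP/eval-stdin%2Ephp HTTP/1.1" 404 196 "-" "python-requests/2.26"
"""

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"{hit['severity']:16} {hit['ip']:14} {hit['method']} {hit['path']} -> {hit['status']}")
```

A "likely-exploited" hit is a trigger for host triage, not just a block rule: the POST body is not in the access log, so what was executed has to be reconstructed from process, file and outbound-connection telemetry around that timestamp.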