Important: squid

Issue Overview: An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decod...

PT-2023-7871 · Nagios Xi · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI affected versions not specified Description: The issue is related to the Custom Includes module of Nagios XI, which is vulnerable to unrestricted file upload of dangerous types. This could allow a remote attacker to execute arbitrar...

CVE-2023-33665

ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...

Sql injection

ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...

CVE-2023-33666

ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...

CVE-2023-33666

ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...

PrestaShop ai-dev aitable SQL Injection Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. A security vulnerability exists in PrestaShop ai-dev aitable, which originates from an SQL injection that can be...

CVE-2023-33665

ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...

Sql injection

ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...

PT-2023-24443 · Unknown · Ai-Dev Aicombinationsonfly

Name of the Vulnerable Software and Affected Versions: ai-dev aicombinationsonfly versions prior to 0.3.1 Description: The issue is a SQL injection vulnerability. It affects the component /includes/ajax.php. Recommendations: For versions prior to 0.3.1, update to version 0.3.1 or later to resolve...

CVE-2023-37304

An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature...

Path Traversal

swig-templates is vulnerable to Path Traversal. The vulnerability exists due to improper template restrictions which allows an attacker to access and read the files outside the restricted directory through the include or extends tags...

WordPress plugin Qtranslate Slug 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

SUSE CVE-2009-1195

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring 1 Options Includes, 2 Options +Includes, or 3 Options +IncludesNOEXEC in a .htaccess file, and then...

SUSE CVE-2015-0253

The readrequestline function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service NULL pointer dereference and process crash by sending a request that lacks a method to an installation...

SUSE CVE-2016-1238

1 cpan/Archive-Tar/bin/ptar, 2 cpan/Archive-Tar/bin/ptardiff, 3 cpan/Archive-Tar/bin/ptargrep, 4 cpan/CPAN/scripts/cpan, 5 cpan/Digest-SHA/shasum, 6 cpan/Encode/bin/enc2xs, 7 cpan/Encode/bin/encguess, 8 cpan/Encode/bin/piconv, 9 cpan/Encode/bin/ucmlint, 10 cpan/Encode/bin/unidump, 11...

SUSE CVE-2016-2570

The Edge Side Includes ESI parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a crafted XML document, related to esi/CustomParser.cc and...

SUSE CVE-2016-4053

Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes ESI responses, related to incorrect use of assert and compiler optimization...

SUSE CVE-2016-4555

clientsiderequest.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service crash via crafted Edge Side Includes ESI responses...

SUSE CVE-2016-4556

Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service crash via a crafted Edge Side Includes ESI response...