15 matches found
QEMU 安全漏洞
QEMU Quick Emulator is a simulation software for processors developed by Fabrice Bellard from France. This software features high speed and cross-platform capabilities. QEMU has a security vulnerability, which stems from the lack of length restrictions on the virtio-crypto device. This...
EUVD-2013-2625
Malware in sbrugna...
Denial Of Service (DoS)
shopware/core is vulnerable to Denial of Service DoS. The vulnerability is due to lack of input length restrictions and inefficient processing of long password inputs, which allows attackers to consume excessive server resources...
PT-2025-12176 · Unknown · Open-Webui/Open-Webui
Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version 0.3.8 Description: A vulnerability allows an unauthenticated attacker to sign up with excessively large text in the name field, causing the Admin panel to become unresponsive. This prevents administrators from...
CVE-2022-31631
A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDOSQLite returning an improperly quoted string. With the implementation of sqlite3snprintf, it is possible to force the function to return a single apostrophe if the function is called on user-supplie...
Input validation
The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters inpu...
EulerOS 2.0 SP3 : squid (EulerOS-SA-2021-1852)
According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when...
Semrush: IDOR in the https://market.semrush.com/
Insecure direct object references in marketplace due to a length restrictions in chosen hashing function...
CVE-2019-18677
An issue was discovered in Squid 3.x and 4.x through 4.8 when the appenddomain setting is used because the appended characters do not properly interact with hostname length restrictions. Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be...
CVE-2019-18677
CVE-2019-18677 affects Squid 3.x and 4.x up to 4.8 where the append_domain setting can cause improper message processing, leading to traffic being redirected to origins that should not be delivered to. This is confirmed in multiple advisories (e.g., ALAS2-2023-2318) listing CVE-2019-18677 as a se...
Legal Robot: first name and last name restrictions bypass
A security researcher discovered that the maximum lengths of the first name and last name fields were set to 32 characters at registration and 50 characters when using the profile update form. There was no security impact and no sensitive data was compromised. Thanks to @flashdisk for pointing ou...
Design/Logic Flaw
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.51089.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.52249.0.2A FP3 does not enforce password-length restrictions, which...
CVE-2016-5996
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.51089.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.52249.0.2A FP3 does not enforce password-length restrictions, which...
McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure
This module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database 's...
McAfee ePolicy Orchestrator Authenticated XXE Credential Exposure
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'openssl' class Metasploit3 'McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure', 'Description' = %q This module will exploit a...