EUVD-2020-0856

Malware in sbrugna...

CVE-2025-41242 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container the Servlet...

The vulnerability of the Header MVC framework for developing web systems and applications in CodeIgniter allows a attacker to trigger a service failure.

The vulnerability of the Header MVC framework used for developing web systems and applications in CodeIgniter relates to conflicts in interpretation when processing HTTP headers’ names and values. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

Apache Struts File Upload Vulnerability

Apache Struts is the United States Apache Apache Foundation, an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. Apache Struts has a file upload...

Design/Logic Flaw

Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the sails.io.js client...

Apache Struts Denial of Service Vulnerability (CNVD-2023-55432)

Apache Struts is the United States Apache Apache Foundation, an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. Apache Struts there is a denial of...

uBidAuction 2.0.1 Cross Site Scripting

Document Title: =============== uBidAuction v2.0.1 - Multiple XSS Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2289 Release Date: ============= 2022-01-21 Vulnerability Laboratory ID VL-ID: ==================================== 228...

Debian DLA-2617-1 : php-nette security update

Cyku Hong from DEVCORE discovered that php-nette, a PHP MVC framework, is vulnerable to a code injection attack by passing specially formed parameters to URL that may possibly leading to remote code execution. For Debian 9 stretch, this problem has been fixed in version 2.4-20160731-1+deb9u1. We...

Design/Logic Flaw

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default...

Debian DLA-2403-1 : rails security update

A potential Cross-Site Scripting XSS vulnerability was found in rails, a ruby based MVC framework. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing...

CVE-2020-15227

Removed by vendor...

Debian DLA-2251-1 : rails security update

Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the application. CVE-2020-8164 Strong parameters bypass vector in ActionPack. In some cases us...

Moderate: Red Hat Security Advisory: CloudForms 5.0.1 security, bug fix and enhancement update

An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Moderate: Red Hat Security Advisory: CloudForms 4.7.8 security, bug fix and enhancement update

An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Important: Red Hat Security Advisory: rh-ror42-rubygem-actionpack security update

An update for rh-ror42-rubygem-actionpack is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

Important: Red Hat Security Advisory: rh-ror50-rubygem-actionpack security update

An update for rh-ror50-rubygem-actionpack is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

RHEL 6 : Ruby on Rails (RHSA-2013:0153)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0153 advisory. Ruby on Rails is a modelviewcontroller MVC framework for web application development. Action Pack implements the controller and the view components...

Moderate: Red Hat Security Advisory: CloudForms 4.6.5 security, bug fix and enhancement update

An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVE-2017-16220

wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

Directory traversal

wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...