Lucene search
+L

7 matches found

Huntr
Huntr
added 2022/10/06 4:37 p.m.17 views

Improper Name Validation in Upload Document Form

Description The name of any uploaded document can be manipulated using the destination parameter, to include new line characters in its name, breaking the execution of JS code in "New Documents" section from "Miscellaneous" menu, that will be blank until the document is removed from DB. Proof of...

5CVSS0.1AI score0.00862EPSS
Exploits1
Veracode
Veracode
added 2022/03/22 6:41 a.m.37 views

Improper Input Validation

guzzlehttp/psr7 is vulnerable to improper input validation. The vulnerability exists in the normalizeHeaderValue function in the MessageTrait.php file allowing an attacker to modify the new line character with an untrusted value...

7.5CVSS4.1AI score0.02384EPSS
Exploits0References6Affected Software2
NVD
NVD
added 2022/03/21 7:15 p.m.19 views

CVE-2022-24775

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...

7.5CVSS0.02384EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/03/21 7:15 p.m.47 views

CVE-2022-24775

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...

7.5CVSS7.1AI score0.02384EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2022/03/21 7:0 p.m.152 views

CVE-2022-24775

guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...

7.5CVSS7.3AI score0.02384EPSS
Exploits0
Prion
Prion
added 2018/07/26 3:29 p.m.21 views

Privilege escalation

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

7.2CVSS7.9AI score0.05059EPSS
Exploits7References9Affected Software2
Debian CVE
Debian CVE
added 2015/06/09 2:0 p.m.57 views

CVE-2015-3200

modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...

7.5CVSS7.7AI score0.09978EPSS
Exploits1
Rows per page
Query Builder