14 matches found
CVE-2026-0603
CVE-2026-0603 : A second-order SQL injection vulnerability in Hibernate Core via the InlineIdsOrClauseBuilder allows a remote attacker with low privileges to craft non-alphanumeric IDs to read sensitive data (e.g., system files) and manipulate or delete data, causing an application‑level denial o...
SQL Injection
Overview org.hibernate:hibernate-core is a library providing Object/Relational Mapping ORM support to applications, libraries, and frameworks. Affected versions of this package are vulnerable to SQL Injection via the InlineIdsOrClauseBuilder component when unsanitized non-alphanumeric characters...
Code injection
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period...
Incorrect Authorization in Dolibarr
core/getmenudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter...
GHSA-4X63-3P7Q-XMH7 Jenkins HTML Publisher Plugin path traversal vulnerability
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master. In version 1.16, non-alphanumeric characters in report names a...
rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse
oooooooq reports: The old versions of CGI::Cookie.parse applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. By this fix, CGI::Cookie.parse no longer decodes cookie names...
CVE-2020-12669
core/getmenudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter...
Cross-site Scripting (XSS)
sockjs is vulnerable to cross-site scripting XSS. The attack exists because it does sanitize the callback parameter in lib/transport/htmlfile.js for non-alphanumeric symbols, allowing an attacker to inject malicious scripts...
RedHat Update for sudo RHSA-2012:1149-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS 5 : sudo (CESA-2012:1149)
An updated sudo package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...
sudo security update
CentOS Errata and Security Advisory CESA-2012:1149 An updated sudo package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring...
SSH password weakness
Added: 01/05/2011 CVE: CVE-1999-0502 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...
CVE-2007-3596
CVE-2007-3596 affects phpVideoPro up to version 0.8.7 (before 0.8.8). The vulnerability is in inc/vul_check.inc where the sess_id parameter accepts non‑alphanumeric characters. The impact is described as unknown (no explicit impact or attack vector details beyond a likely cross‑site scripting sug...
CVE-2001-1497
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password...