27 matches found

RedHat Linux
added 2021/11/09 5:54 p.m. · 11 views

python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters

The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request...

CVSS 5.9 · AI score 6.8 · EPSS 0.35963
Exploits: 1 · References: 5
RedHat Linux
added 2021/05/18 3:39 p.m. · 3 views

python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters

The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request...

CVSS 5.9 · AI score 6.8 · EPSS 0.35963
Exploits: 1 · References: 5
BDU FSTEC
added 2020/08/14 12:0 a.m. · 8 views

The vulnerability of the parse_query method (class-wp-query.php) in the WordPress content management system allows a hacker to access confidential data.

The vulnerability of the parse_query method (class-wp-query.php) in the WordPress content management system is related to the lack of protection for sensitive data. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...

CVSS 7.5 · AI score 7.3 · EPSS 0.02334
Exploits: 0 · References: 4 · Affected Software: 2
Positive Technologies
added 2020/04/30 12:0 a.m. · 12 views

PT-2020-3603 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.1 WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33 Description: In affected versions of WordPress, some priva...

CVSS 9.8 · AI score 7.3 · EPSS 0.4375
Exploits: 16 · References: 74
NVD
added 2013/02/20 12:9 p.m. · 15 views

CVE-2012-5953

IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a denial of service (infinite loop) via a crafted query string...

CVSS 4.3 · AI score 6.4 · EPSS 0.01321
Exploits: 0 · References: 3
Prion
added 2013/02/20 12:9 p.m. · 16 views

Design/Logic Flaw

IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a denial of service (infinite loop) via a crafted query string...

CVSS 4.3 · AI score 6.9 · EPSS 0.01321
Exploits: 0 · References: 3 · Affected Software: 1
securityvulns
added 2002/01/22 12:0 a.m. · 22 views

dnrd 2.10 dos

Program: dnrd Version: 2.10 Distro: n/a Problem: There are various problems with dnrd's dns request and reply functions, that cause it to crash. Reproduce: Using two consoles, I did the following Terminal one got: andrewg@blackhole /data/audit/dnrd-2.10/src$ gdb dnrd GNU gdb 5.0rh-5 Red Hat Linux...

AI score 7.1
Exploits: 0