27 matches found
python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters
The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request...
python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters
The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request...
The vulnerability of the parse_query method (class-wp-query.php) in the WordPress content management system allows a hacker to access confidential data.
The vulnerability of the parsequery method class-wp-query.php in the WordPress content management system is related to the lack of protection for sensitive data. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...
PT-2020-3603 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.1 WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33 Description: In affected versions of WordPress, some priva...
CVE-2012-5953
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a denial of service infinite loop via a crafted query string...
Design/Logic Flaw
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a denial of service infinite loop via a crafted query string...
dnrd 2.10 dos
Program: dnrd Version: 2.10 Distro: n/a Problem: There are various problems with dnrd's dns request and reply functions, that cause it to crash. Reproduce: Using two consoles, I did the following Terminal one got: andrewg@blackhole /data/audit/dnrd-2.10/src$ gdb dnrd GNU gdb 5.0rh-5 Red Hat Linux...