python: CRLF injection via the path part of the url passed to urlopen()
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...
EulerOS 2.0 SP8 : httpd (EulerOS-SA-2019-2080)
According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/',...
CVE-2019-0220
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the server's processing wi...
CVE-2019-0220
CVE-2019-0220 affects Apache HTTP Server 2.4.0–2.4.38. The issue arises when the path component of a request URL contains multiple consecutive slashes; directives like LocationMatch and RewriteRule must account for duplicates in regular expressions because the server may collapse or mishandle the...
Apache HTTP Server < 2.4.39 URL Normalization Vulnerability - Windows
When the path component of a request URL contains multiple consecutive slashes... (SPDX-FileCopyrightText: 2019 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only)
Apache HTTP Server < 2.4.39 Multiple Vulnerabilities
UBUNTU-CVE-2019-9947
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...
Directory traversal
Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and ...
PT-2017-17724 · Proftpd +2
Name of the Vulnerable Software and Affected Versions: ProFTPD versions prior to 1.3.5e; ProFTPD versions 1.3.6 prior to 1.3.6rc5. Description: The issue allows attackers with local access to bypass the AllowChrootSymlinks control by replacing a path component other than the last one with a symboli...
kernel: fs: slab corruption due to the invalid last component type during do_filp_open()
The do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call...
httpd: mod_proxy_ftp globbing XSS
A flaw was found in the mod_proxy_ftp module. Where Apache is configured to support ftp-over-httpd proxying, a remote attacker could perform a cross-site scripting attack. (CVE-2008-2939)...
Fedora Core 4 : kernel-2.6.16-1.2107_FC4 (2006-500)
An update to the latest upstream -stable snapshot (2.6.16.13). Among quite a few bug-fixes are two security-related fixes: Don't allow a backslash in a path component (CVE-2006-1863); NETFILTER: SCTP conntrack: fix infinite loop (CVE-2006-1527). Detailed changelogs of the last few point releases can be...