
15 matches found

CNNVD · added 2023/12/04 12:0 a.m. · 1 view

Jupyter Server Security Vulnerability

Jupyter Server is an application from the Jupyter organization used to provide back-end services for Jupyter web applications. A security vulnerability exists in Jupyter Server versions prior to 2.11.2 that stems from an unhandled error in an API request that includes backtracking information pat...

CVSS 4.3 · AI score 6.5 · EPSS 0.00237
Exploits 0 · References 2

CNVD · added 2022/06/01 12:0 a.m. · 27 views

WordPress User Meta Manager plugin path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A path traversal vulnerability exists in versions of the WordPress User Meta Manager plugin prior to...

CVSS 6.5 · AI score 1.3 · EPSS 0.13663
Exploits 5 · References 1

OSV · added 2021/09/09 6:15 p.m. · 1 view

CVE-2021-28911

BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers to access the /tmp path, which contains some sensitive data, e.g. the device serial number. With that information, a possible loginId can be self-calculated in a brute force attack against the BMX interface. This is usable and part...

CVSS 9.8 · AI score 5.8 · EPSS 0.02328
Exploits 0 · References 1

Positive Technologies · added 2021/06/16 12:0 a.m. · 3 views

PT-2021-3321 · Phpmailer · Phpmailer

Name of the Vulnerable Software and Affected Versions: PHPMailer versions prior to 6.5.0

Description: The issue is related to errors in handling the lang path parameter in the setLanguage function of the PHPMailer library. This can allow a remote attacker to execute arbitrary code if the lang pat...

CVSS 8.1 · AI score 8.1 · EPSS 0.02108
Exploits 1 · References 16

Microsoft CVE · added 2021/06/06 7:0 a.m. · 3 views

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to be made to the same server.

...

CVSS 7.5 · AI score 9.3 · EPSS 0.00531
Exploits 0

Prion · added 2020/10/14 1:15 p.m. · 9 views

Denial of service

An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...

CVSS 7.8 · AI score 7.2 · EPSS 0.00042
Exploits 1 · References 1 · Affected Software 1

CVE · added 2020/10/14 12:35 p.m. · 65 views

CVE-2020-6087

CVE-2020-6087 affects Allen-Bradley Flex IO 1794-AENT/B (Series B) via the ENIP Request Path Data Segment. The vulnerability occurs when the ANSI Extended Symbol Segment Sub-Type is used; the following byte is treated as the Data Size in words, and if it exceeds the packet data, the device faults...

CVSS 7.8 · AI score 7.2 · EPSS 0.00042
Exploits 1 · References 1 · Affected Software 1

CVE · added 2020/10/14 12:34 p.m. · 74 views

CVE-2020-6086

CVE-2020-6086 affects Allen-Bradley Flex IO 1794-AENT/B (EtherNet/IP ENIP) in the ENIP Request Path Data Segment. The issue is triggered when a Simple Data Segment Sub-Type is used: the byte after the segment is treated as the Data Size in words, and if that value exceeds the remaining packet dat...

CVSS 7.8 · AI score 7.2 · EPSS 0.00042
Exploits 1 · References 1 · Affected Software 1

RedHat Linux · added 2019/07/22 1:39 p.m. · 2 views

nodejs: HTTP request splitting

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to...

CVSS 7.5 · AI score 7.2 · EPSS 0.00531
Exploits 0 · References 4

OSV · added 2018/11/28 5:29 p.m. · 0 views

UBUNTU-CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to...

CVSS 7.5 · AI score 6.7 · EPSS 0.00531
Exploits 0 · References 4

CNVD · added 2018/08/22 12:0 a.m. · 1 view

Reprise License Manager license editor cross-site scripting vulnerability

Reprise License Manager (RLM) is a set of license management software from Reprise, Inc. The license editor is one of the certificate editors. A cross-site scripting vulnerability exists in the 'lf' parameter of the /goform/editlfgetdata URL of the license editor in Reprise RLM 12.2BL2 and earlier...

CVSS 6.1 · AI score 6 · EPSS 0.00328
Exploits 1 · References 1

OSV · added 2017/08/11 7:29 p.m. · 1 view

CVE-2017-11214

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path...

CVSS 8.8 · AI score 6
Exploits 0 · References 3

CNVD · added 2017/02/15 12:0 a.m. · 1 view

Ubuntu click privilege acquisition vulnerability

Ubuntu is a desktop-oriented GNU/Linux operating system developed by Canonical and the Ubuntu Foundation. Ubuntu LTS is a long-supported version of Ubuntu. click is one of the filesystems in which third-party applications are installed in a simplified packaging format. A security vulnerability...

CVSS 9.8 · AI score 7.4 · EPSS 0.0159
Exploits 0 · References 1

OwnCloud · added 2012/12/20 5:4 p.m. · 37 views

XSS vulnerability in bookmarks - ownCloud

A cross-site scripting (XSS) vulnerability in ownCloud before 4.5.5 and 4.0.10 allows remote attackers to inject arbitrary web script or HTML via the PATH data to index.php in apps/bookmark/. Affected Software: ownCloud Server 4.5.5 (CVE-2013-5666), ownCloud Server 4.0.10 (CVE-2013-5666). Action Taken: It is...

CVSS 4.7 · AI score 5.3 · EPSS 0.00068
Exploits 0 · Affected Software 1

OwnCloud · added 2012/12/20 10:42 a.m. · 46 views

Server: XSS vulnerability in bookmarks

A cross-site scripting (XSS) vulnerability in ownCloud before 4.5.5 and 4.0.10 allows remote attackers to inject arbitrary web script or HTML via the PATH data to index.php in apps/bookmark/. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...

CVSS 4.7 · AI score 5.3 · EPSS 0.00068
Exploits 0 · Affected Software 1