
716 matches found

OSV
added 2022/01/18 10:15 p.m., 19 views

CVE-2022-21690 Cross-Site Scripting in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions, the path parameter of the requested URL is not sanitized before being passed to the Qt frontend. This path is used in all componen...

CVSS 8.7, AI score 6.8, EPSS 0.00789
Exploits 1, References 4

CNNVD
added 2022/01/18 12:0 a.m., 2 views

OnionShare Cross-Site Scripting Vulnerability

OnionShare is an open source tool used to securely and anonymously share files, host websites, and chat with friends using the Tor network. A security vulnerability exists in OnionShare that...

CVSS 8.7, AI score 5.6, EPSS 0.00789
Exploits 1, References 3

CNNVD
added 2022/01/14 12:0 a.m., 3 views

glibc Security Vulnerability

glibc (GNU C Library) is the C standard library implemented by the GNU Project. A security vulnerability exists in the GNU C Library, also known as glibc, which stems from the use of the deprecated compatibility function svcunix_create in the sunrpc module to copy its path parameter onto the stack...

CVSS 9.8, AI score 7.8, EPSS 0.0469
Exploits 1, References 25

RedHat Linux
added 2021/12/15 2:38 p.m., 1 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

CVSS 5.3, AI score 7, EPSS 0.01439
Exploits 0, References 4

OSV
added 2021/11/26 5:15 p.m., 2 views

CVE-2021-26615

ARK library allows attackers to execute remote code via the parameter path value of the ArkNormalizeAndDupPAthNameW function because of an integer overflow...

CVSS 8.8, AI score 7.7, EPSS 0.00633
Exploits 0, References 1

RedHat Linux
added 2021/11/15 5:18 p.m., 3 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

CVSS 5.3, AI score 7, EPSS 0.01439
Exploits 0, References 4

OSV
added 2021/11/08 1:15 p.m., 1 views

CVE-2021-32482

Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter...

CVSS 6.1, AI score 5.8, EPSS 0.00568
Exploits 0, References 2

Prion
added 2021/11/08 1:15 p.m., 13 views

Design/Logic Flaw

Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter...

CVSS 4.3, AI score 6, EPSS 0.00568
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/11/08 12:35 p.m., 14 views

CVE-2021-32482

Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter...

AI score 6.2, EPSS 0.00568
Exploits 0, References 2

CVE
added 2021/11/08 12:35 p.m., 44 views

CVE-2021-32482

CVE-2021-32482 affects Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x. Multiple connected sources describe a Cross‑Site Scripting (XSS) vulnerability exploitable via a path parameter. The root cause is an XSS condition in the path handling of Cloudera Manager; explicit exploit details, affect...

CVSS 6.1, AI score 5.9, EPSS 0.00568
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/11/03 7:9 p.m., 25 views

CVE-2021-33800

In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal...

AI score 7.6, EPSS 0.01483
Exploits 0, References 1

OSV
added 2021/11/03 6:15 p.m., 16 views

CVE-2021-23624

This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays...

CVSS 9.8, AI score 6.6
Exploits 0, References 2

Prion
added 2021/11/03 6:15 p.m., 12 views

Type confusion

This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays...

CVSS 7.5, AI score 9.3, EPSS 0.03337
Exploits 2, References 2, Affected Software 1

CNNVD
added 2021/11/03 12:0 a.m., 4 views

Alibaba Druid Path Traversal Vulnerability

Alibaba Druid is an open source database connection pool for monitoring and control, produced by the DataWorks team, an Alibaba cloud computing platform. A security vulnerability exists in Alibaba Druid version 1.2.3, which stems from the software's lack of effective filtering and restriction of...

CVSS 7.5, AI score 7.3, EPSS 0.01483
Exploits 0, References 2

RedHat Linux
added 2021/11/02 12:42 p.m., 3 views

RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The...

CVSS 6.1, AI score 5.7, EPSS 0.00856
Exploits 0, References 4

OSV
added 2021/10/31 8:15 p.m., 3 views

CVE-2020-36377

An issue was discovered in the dump function in shenzhim aaptjs 1.3.1 that allows attackers to execute arbitrary code via the filePath parameters...

CVSS 9.8, AI score 6.1
Exploits 0, References 1

OSV
added 2021/10/31 8:15 p.m., 1 views

CVE-2020-26707

An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter...

CVSS 9.8, AI score 6.1, EPSS 0.0181
Exploits 1, References 1

Cvelist
added 2021/10/31 7:51 p.m., 15 views

CVE-2020-36379

An issue was discovered in the remove function in shenzhim aaptjs 1.3.1 that allows attackers to execute arbitrary code via the filePath parameters...

AI score 9.7, EPSS 0.0181
Exploits 1, References 1

CNNVD
added 2021/10/31 12:0 a.m., 3 views

Shenzhim Aaptjs OS Command Injection Vulnerability

aaptjs is a node wrapper for aapt. aaptjs version 1.3.1 has a remote code execution vulnerability in the packageCmd function. An attacker can exploit this vulnerability to execute arbitrary code via the filePath parameter...

CVSS 9.8, AI score 6.9, EPSS 0.0181
Exploits 1, References 2

CNNVD
added 2021/10/31 12:0 a.m., 3 views

Shenzhim Aaptjs OS Command Injection Vulnerability

aaptjs is a node wrapper for aapt. aaptjs version 1.3.1 has a remote code execution vulnerability in the list function. An attacker can exploit this vulnerability to execute arbitrary code via the filePath parameter...

CVSS 9.8, AI score 6.9, EPSS 0.0181
Exploits 1, References 2