Astra Linux - уязвимость в curl

When performing HTTPS transfers, libcurl may incorrectly use the read callback CURLOPTREADFUNCTION to request data to be sent, even when the CURLOPTPOSTFIELDS option has been set. This occurs if the same handle was previously used to issue a PUT request that utilized that callback. This flaw may...

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain security vulnerabilities. These...

EUVD-2020-18417

Malware in sbrugna...

CVE-2020-25766

An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page...

MISP Link Jumping Vulnerability

MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.132. The vulnerability stems...

CVE-2020-25766

An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page...

Code injection

An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page...

CVE-2020-25766

An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page...

[ MDVSA-2014:213 ] curl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:213 http://www.mandriva.com/en/support/security/ Package : curl Date : November 18, 2014 Affected: Business Server 1.0 Problem Description: Updated curl packages fix security vulnerability: Symeon Paraschoud...

MGASA-2014-0444 Updated curl packages fix CVE-2014-3707

Updated curl packages fix security vulnerability: Symeon Paraschoudis discovered that the curleasyduphandle function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation. This bug requires...

Debian: Security Advisory (DSA-3069-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2012-0287

Cross-site scripting XSS vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected"...

CVE-2012-0287

Cross-site scripting XSS vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected"...

CVE-2012-0287

Cross-site scripting XSS vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected"...

CVE-2012-0287

Cross-site scripting XSS vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected"...

WebTrends Enterprise Reporting Server 1.5 - Negative Content Length Denial of Service

source: https://www.securityfocus.com/bid/569/info Specifying a negative content-length in a POST operation to the WebTrends Enterprise Reporting Server will crash the web server. !/usr/bin/perl -w Example DoS against WebTrends Enterprise Reporting Server 8/8/99 rpc use IO::Socket; die "usage: $0...