1115 matches found

CNNVD
added 2021/04/02 12:0 a.m., 3 views

Lightmeter ControlCenter Security Vulnerability

Lightmeter ControlCenter is an open source application from Lightmeter: a monitoring and analysis system for Postfix mail servers. A security vulnerability exists in Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1, which stems from the fact that anyone who knows the URL of a publicly...

6.5 CVSS, 6.5 AI score, 0.00674 EPSS
Exploits 0, References 2
OSV
added 2021/02/25 4:32 p.m., 0 views

GHSA-PR5M-4W22-8483 NanoHTTPD Cross-site Scripting vulnerability

An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, becaus...

6.1 CVSS, 5.9 AI score, 0.00751 EPSS
Exploits 0, References 5
Prion
added 2021/02/23 8:15 a.m., 13 views

Design/Logic Flaw

An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, becaus...

4.3 CVSS, 6 AI score, 0.00751 EPSS
Exploits 0, References 2, Affected Software 1
CNNVD
added 2021/02/23 12:0 a.m., 4 views

NanoHTTPD Cross-Site Scripting Vulnerability

LordFokas NanoHTTPD is an application for GlobalLordFokas individual developers. It provides a lightweight HTTP server designed for embedding in other applications. A cross-site scripting vulnerability exists in NanoHTTPD through 2.3.1, which stems from the GeneralHandler GET handler printing use...

6.1 CVSS, 6.2 AI score, 0.00751 EPSS
Exploits 0, References 3
Talos
added 2021/01/26 12:0 a.m., 125 views

Micrium uC-HTTP HTTP Server null pointer dereference denial-of-service vulnerability

Summary: A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Micrium uC-HTTP 3.01.00. Product URLs...

8.6 CVSS, 7.6 AI score, 0.01881 EPSS
Exploits 1
RedHat Linux
added 2021/01/25 4:32 p.m., 1 views

undertow: special character in query results in server errors

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...

7.8 CVSS, 5.7 AI score, 0.01269 EPSS
Exploits 0, References 4
RedHat Linux
added 2021/01/25 4:19 p.m., 1 views

undertow: special character in query results in server errors

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...

7.8 CVSS, 5.7 AI score, 0.01269 EPSS
Exploits 0, References 4
CNVD
added 2021/01/13 12:0 a.m., 2 views

OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-02805)

OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.3 and earlier versions. The vulnerability can be exploited by an attacker to conduct a cross-site...

6.1 CVSS, 6.2 AI score, 0.01133 EPSS
Exploits 0, References 1
NVD
added 2021/01/12 10:15 p.m., 11 views

CVE-2021-23928

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string...

6.1 CVSS, 6 AI score, 0.01133 EPSS
Exploits 0, References 1
Prion
added 2021/01/12 10:15 p.m., 14 views

Design/Logic Flaw

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string...

4.3 CVSS, 6 AI score, 0.01133 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2021/01/12 9:26 p.m., 18 views

CVE-2021-23928

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string...

6.2 AI score, 0.01133 EPSS
Exploits 0, References 1
UbuntuCve
added 2020/12/17 8:15 p.m., 20 views

CVE-2020-35545

Time-based SQL injection exists in Spotweb 1.4.9 via the query string...

9.8 CVSS, 7.3 AI score, 0.03803 EPSS
Exploits 2, References 2
Prion
added 2020/12/17 8:15 p.m., 16 views

SQL injection

Time-based SQL injection exists in Spotweb 1.4.9 via the query string...

7.5 CVSS, 9.8 AI score, 0.03803 EPSS
Exploits 2, References 1, Affected Software 1
OSV
added 2020/12/17 8:15 p.m., 1 views

UBUNTU-CVE-2020-35545

Time-based SQL injection exists in Spotweb 1.4.9 via the query string...

9.8 CVSS, 7.4 AI score, 0.03803 EPSS
Exploits 2, References 3
Cvelist
added 2020/12/17 7:46 p.m., 30 views

CVE-2020-35545

Time-based SQL injection exists in Spotweb 1.4.9 via the query string...

9.8 AI score, 0.03803 EPSS
Exploits 2, References 1
Debian CVE
added 2020/12/17 7:46 p.m., 20 views

CVE-2020-35545

Removed by vendor...

9.8 CVSS, 9.4 AI score, 0.03803 EPSS
Exploits 2
Cvelist
added 2020/11/24 1:32 a.m., 13 views

CVE-2020-15929

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...

9.7 AI score, 0.04549 EPSS
Exploits 1, References 1
WPVulnDB
added 2020/11/14 12:0 a.m., 15 views

WP DB Error Manager <= 2.1.6 - Reflected Cross-Site Scripting (XSS)

Reflected XSS in the file "admin/partials/wp-db-error-manager-login-display.php" in parameter "email" query string. PoC: https://example.com/wp-content/plugins/wp-database-error-manager/admin/partials/wp-db-error-manager-login-display.php?email=%22%3E%3Cimg%20src%20onerror=alert/XSS/%3E...

0.6 AI score
Exploits 0, References 1, Affected Software 1
Gitee
added 2020/09/03 10:24 p.m., 10 views

Exploit for Out-of-bounds Write in Php

This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit targets the PHP 7+ versions, but the bug itself is present in earlier versions. The exploit works by setting the...

9.8 CVSS, 7.7 AI score, 0.9947 EPSS
Exploits 54
OSV
added 2020/09/03 7:4 p.m., 1 views

GHSA-C3PX-V9C7-M734 Prototype Pollution in mithril

Affected versions of mithril are vulnerable to prototype pollution. The function parseQueryString may allow a malicious user to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. A payload such as proto%5BtoString%5D=123 in...

5.9 AI score
Exploits 0, References 1