Http4s Access Control Error Vulnerability
http4s is an open source streaming HTTP server for Scala. An access control error vulnerability exists in Http4s that stems from the default CORS configuration being vulnerable to source reflection attacks. The following products and versions are affected: 0.21.26 and earlier, 0.22.0 through...
Indexhibit Cross-Site Scripting Vulnerability (CNVD-2021-67909)
Indexhibit is a web-based content management system. A reflection-based cross-site scripting vulnerability exists in the /plugin/ajax.php component of Indexhibit version 2.1.5. An attacker could use this vulnerability to execute arbitrary web script or HTML...
Indexhibit Cross-Site Scripting Vulnerability
Indexhibit is a web-based content management system. A reflection-based cross-site scripting vulnerability exists in the /plugin/ajax.php component of Indexhibit version 2.1.5. An attacker could use this vulnerability to execute arbitrary web script or HTML...
Web Censorship Systems Can Facilitate Massive DDoS Attacks
Researchers are warning that internet censorship systems are ripe for abuse by a new type of distributed denial of service (DDoS) attack. The potential for abuse is concerning, researchers say, because attacks would take advantage of a type of reflection and amplification, which would be “extremely...
Exploit for Cross-site Scripting in Chikitsa Patient_Management_System
CVE-2021-38149 Chikitsa Patient Management System 2.0.0 Stored...
CVE-2021-37833
A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands...
CVE-2021-27495
Ypsomed mylife Cloud, mylife Mobile Application: Ypsomed mylife Cloud, all versions prior to 1.7.2; Ypsomed mylife App, all versions prior to 1.7.5. The Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from an HTTPS endpoint to an HTTP endpoint...
CVE-2021-27495
CVE-2021-27495 affects Ypsomed mylife Cloud and mylife App: the system reflects the user password during login after redirecting from HTTPS to HTTP. Affected versions are mylife Cloud all versions before 1.7.2 and mylife App all versions before 1.7.5. The issue is due to improper handling of cred...
Microsoft Windows EFSRPC NTLM Reflection Elevation of Privilege (PetitPotam) (Remote)
Binary data windowspetitpotam.nbin...
SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2421-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2421-1 advisory. - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require th...
EulerOS Virtualization 3.0.2.2 : bind (EulerOS-SA-2021-2127)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Bind-utils contains a collection of utilities for querying DNS (Domain Name System) name servers to find out information about Intern...
Unspecified vulnerability in Ypsomed mylife App (CNVD-2021-69617)
Ypsomed mylife App is an application of Ypsomed AG. To optimize communication between people with diabetes and healthcare professionals, mylife Therapy Management is an easy-to-use, easy-to-share solution for diabetes therapy data. mylife App by Ypsomed has a security vulnerability that reflects...
VMware vCenter Server Virtual SAN Health Check Remote Code Execution Exploit
This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin's ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Updat...
UBUNTU-CVE-2020-26558
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...
Exploit for Unsafe Reflection in Vmware Vcenter_Server
No d...
CVE-2021-30179
Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...
Deserialization of untrusted data
Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...
CTS Web transaction system Cross-Site Scripting Vulnerability
CTS Web transaction system is a web transaction system from Taiwan's Cascade Information Corporation. A cross-site scripting vulnerability exists in the CTS Web transaction system, which stems from the fact that specific functional parameters of the transaction system do not filter...
DEBIAN-CVE-2020-26558
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...