Lucene search

18 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2009-2993

Malware in sbrugna...

4.3 CVSS | 6.4 AI score | 0.00788 EPSS
Exploits 1 | References 3
Github Security Blog
added 2025/03/20 6:48 p.m. | 12 views

OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`

Summary: URLs starting with // are not parsed properly, and the request `REQUEST_FILENAME` variable contains a wrong value, leading to potential rules bypass. Details: If a request is made on a URI starting with //, Coraza will set a wrong value in `REQUEST_FILENAME`. For example, if the URI...

5.4 CVSS | 6.9 AI score | 0.00294 EPSS
Exploits 0 | References 4 | Affected Software 2
SUSE Linux
added 2025/02/26 6:38 p.m. | 0 views

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick (bsc#1230930). CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml (bsc#1232440). Other fixes: ruby/uri: Fix quadratic backtracking on invalid relative URI; ruby/time: Make RFC2822 rege...

8.3 CVSS | 7.4 AI score | 0.01429 EPSS
Exploits 0 | References 8
Packet Storm
added 2024/08/31 12:0 a.m. | 273 views

MantisBT Admin SQL Injection Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MantisBT Admin SQL Injection Arbitrary File Read", 'Description' = %q Versions 1.2.13 through 1.2.16 are vulnerable to a SQL injection attack if ...

6.5 CVSS | 7 AI score | 0.11311 EPSS
Exploits 8
Veracode
added 2016/12/05 5:55 a.m. | 7 views

Open Redirects

joi is vulnerable to open redirect attacks. This is due to the library not checking for relative uri pathing...

6.7 AI score
Exploits 0
seebug.org
added 2014/03/05 12:0 a.m. | 48 views

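MantisBT 'adm_config_report.php' SQL Injection Vulnerability

Bugtraq ID: 65903 CVE ID: CVE-2014-2238 MantisBT is a popular web-based bug tracking system. MantisBT 'adm_config_report.php' does not properly filter user-submitted POST parameter data, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries that can manipulate or retrieve database data. 0 MantisBT 1.2.16 No detailed solution is currently available: http://www.mantisbt.org This file is part of the Metasploit Framework and may be subject to redistribution and...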

6.5 CVSS | 6.5 AI score | 0.11311 EPSS
Exploits 8
OpenVAS
added 2009/09/08 12:0 a.m. | 27 views

Maxthon Address Bar Spoofing Vulnerability

This host is installed with Maxthon Browser and is prone to Address Bar Spoofing vulnerability. OpenVAS Vulnerability Test $Id: gbmaxthonaddrbarspoofingvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ Maxthon Address Bar Spoofing Vulnerability Authors: Sharath S Copyright: Copyright c 2009 Greenbone...

4.3 CVSS | 6.6 AI score | 0.01046 EPSS
Exploits 0 | References 1
OpenVAS
added 2009/09/08 12:0 a.m. | 16 views

Maxthon Address Bar Spoofing Vulnerability

Maxthon Browser is prone to Address Bar Spoofing vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS | 6.7 AI score | 0.01046 EPSS
Exploits 0 | References 1
OpenVAS
added 2009/09/02 12:0 a.m. | 26 views

Avant Browser Address Bar Spoofing Vulnerability

This host is installed with Avant Browser and is prone to Address Bar Spoofing vulnerability. OpenVAS Vulnerability Test $Id: gbavantbrowseraddrbarspoofingvuln.nasl 4865 2016-12-28 16:16:43Z teissa $ Avant Browser Address Bar Spoofing Vulnerability Authors: Sharath S Copyright: Copyright c 2009...

4.3 CVSS | 6.6 AI score | 0.00891 EPSS
Exploits 0 | References 1
OpenVAS
added 2009/09/02 12:0 a.m. | 11 views

Avant Browser Address Bar Spoofing Vulnerability

Avant Browser is prone to Address Bar Spoofing vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS | 6.7 AI score | 0.00891 EPSS
Exploits 0 | References 1
Nmap
added 2009/08/28 10:22 p.m. | 1376 views

http-favicon NSE Script

Gets the favicon ("favorites icon") from a web page and matches it against a database of the icons of known web applications. If there is a match, the name of the application is printed; otherwise the MD5 hash of the icon data is printed. If the script argument favicon.uri is given, that relative U...

10 CVSS | 0.1 AI score | 0.99448 EPSS
Exploits 33
Prion
added 2009/08/28 3:30 p.m. | 12 views

Design/Logic Flaw

Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the sit...

4.3 CVSS | 7.2 AI score | 0.00891 EPSS
Exploits 0 | References 1 | Affected Software 1
Prion
added 2009/08/28 3:30 p.m. | 11 views

Design/Logic Flaw

Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site...

4.3 CVSS | 7.2 AI score | 0.01046 EPSS
Exploits 0 | References 3 | Affected Software 1
NVD
added 2009/08/28 3:30 p.m. | 13 views

CVE-2009-3004

Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the sit...

4.3 CVSS | 6.6 AI score | 0.00891 EPSS
Exploits 0 | References 1
NVD
added 2009/08/28 3:30 p.m. | 18 views

CVE-2009-3006

Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site...

4.3 CVSS | 6.7 AI score | 0.01046 EPSS
Exploits 0 | References 3
CVE
added 2009/08/28 3:0 p.m. | 58 views

CVE-2009-3008

The provided connected documents corroborate CVE-2009-3008 affecting K-Meleon 1.5.3, describing an address bar spoofing vulnerability. Attackers can cause the browser to display an arbitrary file: URL in the address bar by using window.open with a relative URI after the user has visited a file: U...

4.3 CVSS | 6.8 AI score | 0.00788 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2009/08/28 3:0 p.m. | 29 views

CVE-2009-3007

Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the...

6.3 AI score | 0.00642 EPSS
Exploits 0 | References 2
Cvelist
added 2009/08/28 3:0 p.m. | 17 views

CVE-2009-3003

Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the...

6.6 AI score | 0.10601 EPSS
Exploits 0 | References 4