Lucene search
+L

113 matches found

cvelist
cvelist
added 2020/12/09 4:45 p.m.37 views

CVE-2020-7787 Improper Authentication

This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL can cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is cause...

8.2CVSS8AI score0.01266EPSS
Exploits1References2
cvelist
cvelist
added 2020/10/01 4:46 p.m.27 views

CVE-2020-25018

Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization...

7.6AI score0.01139EPSS
Exploits0References2
osv
osv
added 2020/09/18 2:15 p.m.5 views

CVE-2020-15769

An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL...

6.1CVSS6.4AI score0.00655EPSS
Exploits0References2
prion
prion
added 2020/09/18 2:15 p.m.13 views

Cross site scripting

An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL...

4.3CVSS6AI score0.00655EPSS
Exploits0References2Affected Software1
veracode
veracode
added 2020/07/04 3:14 a.m.19 views

Cross-site Request Forgery (CSRF)

jenkins is vulnerable to cross-site request forgery CSRF. The vulnerability exists as it uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL...

8.8CVSS5.2AI score0.01993EPSS
Exploits0References3Affected Software27
nvd
nvd
added 2020/06/16 10:15 p.m.26 views

CVE-2020-14210

Reflected Cross-Site Scripting XSS vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking...

6.1CVSS0.00996EPSS
Exploits0References2
osv
osv
added 2020/06/16 10:15 p.m.5 views

CVE-2020-14210

Reflected Cross-Site Scripting XSS vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking...

6.1CVSS6.3AI score0.00996EPSS
Exploits0References2
prion
prion
added 2020/06/16 10:15 p.m.15 views

Cross site scripting

Reflected Cross-Site Scripting XSS vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking...

4.3CVSS6AI score0.00996EPSS
Exploits0References2Affected Software2
cvelist
cvelist
added 2020/06/16 9:10 p.m.28 views

CVE-2020-14210

Reflected Cross-Site Scripting XSS vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking...

6AI score0.00996EPSS
Exploits0References2
cve
cve
added 2020/06/16 9:10 p.m.59 views

CVE-2020-14210

Concrete details found: MONITORAPP WAF (AIWAF‑VE/AIWAF‑4000) has a reflected XSS vulnerability due to insufficient validation of client data by the web application. Impact is client‑side code execution. No patch/version remediation is specified in the provided documents; exploitation status is no...

6.1CVSS6AI score0.00996EPSS
Exploits0References2Affected Software2
kitploit
kitploit
added 2020/02/29 8:40 p.m.144 views

Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...

This tool search for SSRF using predefined settings in different parts of a request path, host, headers, post and get parameters. First step Rename example.app-settings.conf to app-settings.conf and adjust settings. The most important setting is the callback url. I recommend to use burp...

7.1AI score
Exploits0References1
osv
osv
added 2020/01/06 1:15 p.m.16 views

CVE-2020-5519

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...

9.8CVSS6.9AI score
Exploits0References2
nessus
nessus
added 2019/09/30 12:0 a.m.35 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2019-2080)

According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/',...

5.3CVSS6.2AI score0.1786EPSS
Exploits0References2
hackerone
hackerone
added 2019/09/08 3:45 p.m.26 views

New Relic: Passive stored XSS at Synthetics job result page (View resource)

Hey team, I've discovered a stored XSS at Synthetics job result page. There is a View resource link near every URL which was requested by a browser and this link href is the requested URL itself: F577804 All the URLs, the browser interacted with, are saved into the database by a minion, when the...

5.8AI score
Exploits0
nvd
nvd
added 2019/06/11 9:29 p.m.23 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3CVSS6.3AI score0.1786EPSS
Exploits0References40
prion
prion
added 2019/06/11 9:29 p.m.34 views

Path traversal

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5CVSS6.1AI score0.1786EPSS
Exploits0References40Affected Software5
osv
osv
added 2019/06/11 9:29 p.m.26 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3CVSS6.7AI score
Exploits0References40
debiancve
debiancve
added 2019/06/11 8:49 p.m.59 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3CVSS6AI score0.1786EPSS
Exploits0
alpinelinux
alpinelinux
added 2019/06/11 8:49 p.m.54 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3CVSS6.7AI score0.1786EPSS
Exploits0
hackerone
hackerone
added 2019/03/26 10:13 a.m.39 views

Nextcloud: [Reflected XSS] In Request URL

In index.php file on 1765 we can see XSS: " Because NextCloud allow links like: '/index.php/ANYCONTENT' If we will do request like: POST /updater/index.php/h"alert1; HTTP/1.1 Host: vulns.local Content-Type: application/x-www-form-urlencoded Content-Length: 33 updater-secret-input=OURSECRET We wil...

3.5CVSS1.1AI score0.00729EPSS
Exploits0
Rows per page
Query Builder