Lucene search
+L

198 matches found

Positive Technologies
Positive Technologies
added 2023/09/28 12:0 a.m.4 views

PT-2023-29248 · Unknown · Lemonldap::Ng

Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.17.1 Description: A Server-Side Request Forgery issue in the OpenID Connect Issuer allows authenticated remote attackers to send GET requests to arbitrary URLs through the request uri authorization parameter...

4.3CVSS4.5AI score0.00549EPSS
Exploits0References19
Veracode
Veracode
added 2023/09/18 11:45 a.m.21 views

Cross Site Scripting (XSS)

cecilapp/cecil is vulnerable to Reflected Cross-site Scripting XSS. The vulnerability is caused by not sanitizing and escaping special characters in the request URI path for the Cecil site generated by cecil serve when 404.html is not configured. This can lead to unauthenticated remote attackers...

6.1CVSS6.7AI score0.00446EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2023/08/29 11:34 a.m.28 views

Open Redirect

Apache tomcat is vulnerable to Open Redirect Vulnerability. The vulnerability arises due to not validating/sanitizing the request uri used to redirect a user back to the original page after a successful form submission. The attacker can redirect a user to any malicious crafted url leading to open...

6.1CVSS6.8AI score0.05972EPSS
Exploits0References9Affected Software2
OSV
OSV
added 2023/04/29 2:15 a.m.6 views

CVE-2023-2420

A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function geturl in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $SERVER'REQUESTURI' leads to sql injection. The attack may be...

9.8CVSS6.6AI score0.00737EPSS
Exploits1References3
Prion
Prion
added 2023/04/29 2:15 a.m.21 views

Sql injection

A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function geturl in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $SERVER'REQUESTURI' leads to sql injection. The attack may be...

6.5CVSS9.7AI score0.00737EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/29 12:0 a.m.10 views

PT-2023-19474 · Mlecms · Mlecms

Name of the Vulnerable Software and Affected Versions: MLECMS version 3.0 Description: A critical issue affects the get url function in the library /upload/inc/lib/admin of the file uploadincincludecommon.func.php. The manipulation of the argument $ SERVER'REQUEST URI' leads to SQL injection. The...

9.8CVSS7.5AI score0.00737EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/03/20 12:0 a.m.11 views

PT-2023-16624 · WordPress · Vk All In One Expansion Unit

Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit WordPress plugin versions prior to 9.87.1.0 Description: The issue concerns the failure to escape the REQUEST URI parameter before outputting it back in an attribute, potentially leading to Reflected Cross-Site...

6.1CVSS8.9AI score0.00519EPSS
Exploits2References6
OSV
OSV
added 2023/03/15 11:15 p.m.60 views

UBUNTU-CVE-2023-28097

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...

7.5CVSS5.8AI score0.00969EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.3 views

SUSE CVE-2007-5589

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...

4.3CVSS6AI score0.03326EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:1 a.m.3 views

SUSE CVE-2016-5114

sapi/fpm/fpm/fpmlog.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read and buffer overflow via a long...

9.1CVSS8.7AI score0.04489EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.3 views

SUSE CVE-2018-5712

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file...

6.3CVSS8.5AI score0.79949EPSS
Exploits0References8
OSV
OSV
added 2023/02/08 8:15 p.m.14 views

UBUNTU-CVE-2023-25151

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

7.5CVSS7AI score0.00973EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/01/30 12:0 a.m.44 views

EulerOS Virtualization 3.0.2.2 : httpd (EulerOS-SA-2023-1260)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is...

9.8CVSS8AI score0.99999EPSS
Exploits10References15
CNNVD
CNNVD
added 2022/12/30 12:0 a.m.5 views

imageserve 跨站脚本漏洞

imageserve is a ShareX image hosting solution for Tom Individual Developer's own domain. A cross-site scripting vulnerability exists in imageserve that stems from cross-site scripting due to misuse of the parameter REQUESTURI...

6.1CVSS4.8AI score0.00605EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/11/29 12:0 a.m.7 views

PT-2022-24626 · WordPress · Wp-Affiliate-Platform

Name of the Vulnerable Software and Affected Versions: WP Affiliate Platform plugin for WordPress versions up to, and including, 6.3.9 Description: The issue is related to Reflected Cross-Site Scripting via the $ SERVER"REQUEST URI" variable, caused by insufficient input sanitization and output...

6.1CVSS6.1AI score0.0058EPSS
Exploits0References7
NVD
NVD
added 2022/11/26 3:15 a.m.20 views

CVE-2022-45909

drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...

9.1CVSS0.00972EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/26 12:0 a.m.5 views

drachtio-server 缓冲区错误漏洞

drachtio-server is a drachtio open source SIP server built on the sofia SIP stack. A buffer error vulnerability exists in drachtio-server version 0.8.18, which stems from the fact that an attacker can submit an overly long Request-URI via an INVITE request resulting in an out-of-bounds read of a...

9.1CVSS8.5AI score0.00972EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/11/26 12:0 a.m.7 views

PT-2022-27678 · Unknown · Drachtio-Server

Name of the Vulnerable Software and Affected Versions: drachtio-server versions prior to 0.8.19 Description: The issue is a heap-based buffer over-read that occurs when a long Request-URI is sent in an INVITE request. This can be exploited via the Request-URI in an INVITE request. Recommendations...

9.1CVSS9.1AI score0.00972EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2022/11/26 12:0 a.m.6 views

CVE-2022-45909

drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...

7.3AI score0.00972EPSS
Exploits0References3
OSV
OSV
added 2022/11/26 12:0 a.m.13 views

CVE-2022-45909

drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...

9.1CVSS7AI score0.00972EPSS
Exploits0References5
Rows per page
Query Builder