198 matches found
PT-2023-29248 · Unknown · Lemonldap::Ng
Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.17.1 Description: A Server-Side Request Forgery issue in the OpenID Connect Issuer allows authenticated remote attackers to send GET requests to arbitrary URLs through the request uri authorization parameter...
Cross Site Scripting (XSS)
cecilapp/cecil is vulnerable to Reflected Cross-site Scripting XSS. The vulnerability is caused by not sanitizing and escaping special characters in the request URI path for the Cecil site generated by cecil serve when 404.html is not configured. This can lead to unauthenticated remote attackers...
Open Redirect
Apache tomcat is vulnerable to Open Redirect Vulnerability. The vulnerability arises due to not validating/sanitizing the request uri used to redirect a user back to the original page after a successful form submission. The attacker can redirect a user to any malicious crafted url leading to open...
CVE-2023-2420
A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function geturl in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $SERVER'REQUESTURI' leads to sql injection. The attack may be...
Sql injection
A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function geturl in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $SERVER'REQUESTURI' leads to sql injection. The attack may be...
PT-2023-19474 · Mlecms · Mlecms
Name of the Vulnerable Software and Affected Versions: MLECMS version 3.0 Description: A critical issue affects the get url function in the library /upload/inc/lib/admin of the file uploadincincludecommon.func.php. The manipulation of the argument $ SERVER'REQUEST URI' leads to SQL injection. The...
PT-2023-16624 · WordPress · Vk All In One Expansion Unit
Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit WordPress plugin versions prior to 9.87.1.0 Description: The issue concerns the failure to escape the REQUEST URI parameter before outputting it back in an attribute, potentially leading to Reflected Cross-Site...
UBUNTU-CVE-2023-28097
OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...
SUSE CVE-2007-5589
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...
SUSE CVE-2016-5114
sapi/fpm/fpm/fpmlog.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read and buffer overflow via a long...
SUSE CVE-2018-5712
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file...
UBUNTU-CVE-2023-25151
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...
EulerOS Virtualization 3.0.2.2 : httpd (EulerOS-SA-2023-1260)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is...
imageserve 跨站脚本漏洞
imageserve is a ShareX image hosting solution for Tom Individual Developer's own domain. A cross-site scripting vulnerability exists in imageserve that stems from cross-site scripting due to misuse of the parameter REQUESTURI...
PT-2022-24626 · WordPress · Wp-Affiliate-Platform
Name of the Vulnerable Software and Affected Versions: WP Affiliate Platform plugin for WordPress versions up to, and including, 6.3.9 Description: The issue is related to Reflected Cross-Site Scripting via the $ SERVER"REQUEST URI" variable, caused by insufficient input sanitization and output...
CVE-2022-45909
drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...
drachtio-server 缓冲区错误漏洞
drachtio-server is a drachtio open source SIP server built on the sofia SIP stack. A buffer error vulnerability exists in drachtio-server version 0.8.18, which stems from the fact that an attacker can submit an overly long Request-URI via an INVITE request resulting in an out-of-bounds read of a...
PT-2022-27678 · Unknown · Drachtio-Server
Name of the Vulnerable Software and Affected Versions: drachtio-server versions prior to 0.8.19 Description: The issue is a heap-based buffer over-read that occurs when a long Request-URI is sent in an INVITE request. This can be exploited via the Request-URI in an INVITE request. Recommendations...
CVE-2022-45909
drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...
CVE-2022-45909
drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...