9 matches found

Tenable Nessus
added 2025/12/21 12:0 a.m., 5 views

FreeBSD : traefik -- Bypassing security controls via special characters (91b9790e-de65-11f0-b893-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91b9790e-de65-11f0-b893-5404a68ad561 advisory. The traefik project reports: There is a potential vulnerability in Traefik managing the requests using ...

6.9 CVSS, 7.2 AI score, 0.00331 EPSS
Exploits 1, References 3

SUSE CVE
added 2025/12/12 12:24 a.m., 2 views

SUSE CVE-2025-66490

Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters /, , Null,...

7.4 CVSS, 6.7 AI score, 0.00331 EPSS
Exploits 1, References 3

Positive Technologies
added 2025/12/09 12:0 a.m., 2 views

PT-2025-49684

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.11.32 and 2.11.31 through 3.6.2. Description: Traefik is an HTTP reverse proxy and load balancer. Requests using PathPrefix, Path, or PathRegex matchers can bypass path normalization. When Traefik uses path-based...

9.8 CVSS, 6.5 AI score, 0.01035 EPSS
Exploits 1, References 17

FreeBSD
added 2025/12/08 12:0 a.m., 24 views

traefik -- Bypassing security controls via special characters

The traefik project reports: There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path; if the request path contains an encoded restricted...

6.9 CVSS, 6.9 AI score, 0.00331 EPSS
Exploits 1, References 1

NVD
added 2024/12/05 5:15 p.m., 23 views

CVE-2024-54128

Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application...

5.7 CVSS, 0.00333 EPSS
Exploits 1, References 1

CVE
added 2024/12/05 4:55 p.m., 106 views

CVE-2024-54128

Directus (Comment feature) is vulnerable to HTML injection because a client-side filter for restricted characters can be bypassed. The CVE notes that this bypass enables injection of HTML content, with documented impact and a fix in versions 10.13.4 and 11.2.0. Affected components: Directus core ...

5.7 CVSS, 5.7 AI score, 0.00333 EPSS
Exploits 1, References 1, Affected Software 1

RedHat Linux
added 2017/06/07 5:54 p.m., 3 views

httpd: Apache HTTP Request Parsing Whitespace Defects

It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a...

7.5 CVSS, 6.8 AI score, 0.13252 EPSS
Exploits 0, References 5

Metasploit
added 2010/10/18 3:41 p.m., 18 views

printf(1) via PHP magic_quotes Utility Command Encoder

This encoder uses the printf(1) utility to avoid restricted characters. Some shell variable substitution may also be used if needed symbols are blacklisted. Some characters are intentionally left unescaped since it is assumed that PHP with magic_quotes_gpc enabled will escape them during request...

0.2 AI score
Exploits 0

Exploit DB
added 2006/04/15 12:0 a.m., 40 views

Novell Messenger Server 2.0 - 'Accept-Language' Remote Overflow (Metasploit)

This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework (dual GPLv2 and Artistic). The latest version of the...

10 CVSS, 7 AI score, 0.72833 EPSS
Exploits 12