19 matches found
EUVD-2022-3252
Malicious code in bioql PyPI...
CVE-2023-29712
Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter...
CVE-2023-29712
Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter...
CVE-2023-29712
Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter...
Cross site scripting
Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter...
CVE-2023-29712
Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter...
Vade Secure Gateway 跨站脚本漏洞
Vade Secure Gateway is an engineering intelligence-driven collaborative email security from Vade Secure. A security vulnerability exists in Vade Secure Gateway that stems from a cross-site scripting vulnerability in the X-Rewrite-URL parameter...
PT-2023-22368 · Vade Secure · Vade Secure Gateway
Name of the Vulnerable Software and Affected Versions: Vade Secure Gateway affected versions not specified Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter. This enables the attacker to potentially...
GHSA-PGH6-M65R-2RHQ DOS and Open Redirect with user input
Impact A redirect vulnerability in the fastify-static module allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e. A DOS vulnerability is possible if the URL contains inval...
GHSA-P6VG-P826-QP3V URL Redirection to Untrusted Site ('Open Redirect') in fastify-static
Impact A redirect vulnerability in the fastify-static module allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e. The issue shows up on all the fastify-static applications that set...
Clario: Bypass front server restrictions and access to forbidden files and directories through X-Rewrite-Url/X-original-url header on account.mackeeper.com
Summary Normally a client can't access /admin directory because of front nginx server which returns 403. But we can use X-Rewrite-Url or X-original-url because back server processes these headers and front server doesn't. Steps to reproduce: This request shows normal behavior curl -i -s -k -X...
CVE-2018-17133
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting...
Code injection
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting...
CVE-2018-17133
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting...
CVE-2018-17133
CVE-2018-17133 affects PHPMyWind 5.5, where admin/web_config.php allows an Admin user to execute arbitrary code via the rewrite url setting. Root cause is improper handling of URL rewrite configuration leading to code execution with admin privileges. Impact is arbitrary code execution; CVSS notes...
Sensio Labs Symfony Security Bypass Vulnerability (CNVD-2018-21473)
Sensio Labs Symfony is a free French Sensio Labs , based on the MVC architecture of the PHP development framework . The framework provides commonly used functional components and tools , can be used to quickly create complex WEB program . A security bypass vulnerability exists in Http Foundation ...
DEBIAN-CVE-2018-14773
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a legacy IIS header that lets users override the path in the request URL via the...
UBUNTU-CVE-2018-14773
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a legacy IIS header that lets users override the path in the request URL via the...
CVE-2018-14773
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a legacy IIS header that lets users override the path in the request URL via the...