234 matches found

Github Security Blog
added 2022/12/21 6:30 a.m. | 22 views

lite-dev-server vulnerable to Directory Traversal

All versions of package lite-dev-server are vulnerable to Directory Traversal because the req.url user input that is passed to the server code is neither sanitized nor sandboxed...

CVSS 7.5 | AI score 4.4 | EPSS 0.01448
Exploits: 1 | References: 5 | Affected software: 1
NVD
added 2022/12/21 5:15 a.m. | 9 views

CVE-2022-25895

All versions of package lite-dev-server are vulnerable to Directory Traversal because the req.url user input that is passed to the server code is neither sanitized nor sandboxed...

CVSS 7.5 | EPSS 0.01448
Exploits: 1 | References: 3
Github Security Blog
added 2022/12/20 6:30 a.m. | 18 views

easy-static-server vulnerable to Directory Traversal

All versions of package easy-static-server are vulnerable to Directory Traversal because the req.url user input that is passed to the server code is neither sanitized nor sandboxed...

CVSS 7.5 | AI score 4.4 | EPSS 0.01475
Exploits: 1 | References: 5 | Affected software: 1
OSV
added 2022/12/20 6:30 a.m. | 11 views

GHSA-WCWM-C3MR-PXCR easy-static-server vulnerable to Directory Traversal

All versions of package easy-static-server are vulnerable to Directory Traversal because the req.url user input that is passed to the server code is neither sanitized nor sandboxed...

CVSS 7.5 | AI score 7.5 | EPSS 0.01475
Exploits: 1 | References: 5
Positive Technologies
added 2022/09/13 12:00 a.m. | 1 view

PT-2022-24807 · Onedev · Onedev

Affected software and versions: Onedev versions prior to 7.3.0. Description: Onedev is an open source, self-hosted Git server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. These artifact files are served by the...

CVSS 5.4 | AI score 5.7 | EPSS 0.00525
Exploits: 1 | References: 7
ATTACKERKB
added 2022/08/08 2:15 p.m. | 3 views

CVE-2022-2046

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite...

CVSS 4.9 | AI score 6 | EPSS 0.00292
Exploits: 2 | References: 3
CNNVD
added 2022/07/25 12:00 a.m. | 2 views

Open Source Social Network code issue vulnerability

Open Source Social Network (OSSN) is an open source social network engine from the Swiss OSSN team. A code issue exists in Open Source Social Network v6.3 LTS that allows an attacker to upload arbitrary files to the /ossn/administrator/cominstaller directory to execute arbitrary commands using carefully...

CVSS 7.2 | AI score 7.7 | EPSS 0.02221
Exploits: 1 | References: 5
Hacker One
added 2022/07/06 4:07 p.m. | 37 views

U.S. Dept Of Defense: SQL Injection at https://████████.asp (█████████) [selMajcom] [HtUS]

Summary: SQL injection (SQLi) is a vulnerability in which an application accepts input into an SQL statement and treats this input as part of the statement. Typically, SQLi allows a malicious attacker to view, modify or delete data that should not be retrievable. An SQLi vulnerability was...

AI score 1.1
Exploits: 0
CNNVD
added 2022/06/16 12:00 a.m. | 3 views

flatCore code injection vulnerability

flatCore is a lightweight content management system (CMS) based on PHP and SQLite. A security vulnerability exists in flatCore-CMS v2.0.8, which stems from the lack of data filtering and escaping in /content/cache/activeurls.php and /content/cache/cachelastedit.php, which can be exploited by...

CVSS 8.8 | AI score 8.3 | EPSS 0.01025
Exploits: 1 | References: 2
RedhatCVE
added 2022/05/20 11:02 p.m. | 20 views

CVE-2021-32715

hyper is an HTTP library for Rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

CVSS 6.5 | AI score 0.4 | EPSS 0.00295
Exploits: 1 | References: 1
Vulnrichment
added 2022/04/15 2:15 p.m. | 9 views

CVE-2022-20697 Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this...

CVSS 8.6 | AI score 6.9 | EPSS 0.00447
Exploits: 0 | References: 1
Cvelist
added 2022/04/15 2:15 p.m. | 13 views

CVE-2022-20697 Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper resource management in the HTTP server code. An attacker could exploit this...

CVSS 8.6 | AI score 8.6 | EPSS 0.00447
Exploits: 0 | References: 1
CVE
added 2022/04/15 2:15 p.m. | 104 views

CVE-2022-20697

The CVE-2022-20697 issue affects Cisco IOS Software and Cisco IOS XE Software web services. The vulnerability stems from improper resource management in the HTTP server code, enabling an authenticated, remote attacker to trigger a DoS by sending a large volume of HTTP requests, which can cause th...

CVSS 8.6 | AI score 8.3 | EPSS 0.00447
Exploits: 0 | References: 1 | Affected software: 2
Tenable Nessus
added 2022/04/13 12:00 a.m. | 33 views

FreeBSD : Subversion -- Multiple vulnerabilities in server code (3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2 advisory. - Apache Subversion (SVN) authz-protected copyfrom paths regression: Subversion servers reveal...

CVSS 7.5 | AI score 6.2 | EPSS 0.0161
Exploits: 1 | References: 5
FreeBSD
added 2022/04/12 12:00 a.m. | 29 views

Subversion -- Multiple vulnerabilities in server code

Subversion project reports: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also...

CVSS 7.5 | AI score 6.3 | EPSS 0.0161
Exploits: 1 | References: 2
Veracode
added 2022/01/12 6:36 a.m. | 26 views

Use-After-Free

libde265.so is vulnerable to use-after-free. The vulnerability is possible because of a flaw in the server code in the file intrapred.h when decoding a file using dec265, leading to a heap use-after-free...

CVSS 5.5 | AI score 1.1 | EPSS 0.00103
Exploits: 1 | References: 3 | Affected software: 2
OSV
added 2021/08/11 9:15 p.m. | 1 view

CVE-2020-25560

In SapphireIMS 5.0, it is possible to use the hardcoded client credentials (username: sapphire, password: ims) to gain access to the portal. Once access is available, the attacker can inject malicious OS commands into the "ping", "traceroute" and "snmp" functions and execute code on the server. W...

CVSS 9.8 | AI score 6 | EPSS 0.00874
Exploits: 1 | References: 2
Prion
added 2021/08/11 9:15 p.m. | 13 views

Hardcoded credentials

In SapphireIMS 5.0, it is possible to use the hardcoded client credentials (username: sapphire, password: ims) to gain access to the portal. Once access is available, the attacker can inject malicious OS commands into the "ping", "traceroute" and "snmp" functions and execute code on the server...

CVSS 7.5 | AI score 9.6 | EPSS 0.00874
Exploits: 1 | References: 2 | Affected software: 1
Debian CVE
added 2021/07/07 8:05 p.m. | 28 views

CVE-2021-32715

hyper is an HTTP library for Rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

CVSS 5.3 | AI score 5.3 | EPSS 0.00295
Exploits: 1
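Both CVE-2021-32715 entries (the Red Hat one earlier in this list and the Debian one above) describe the same parsing defect: a Content-Length such as "+32" is accepted by the server while a proxy in front of it does not parse it the same way, so the two disagree on where one request ends and the next begins. The example below is added here to make that desync concrete; it is not hyper's code. It assumes a proxy that treats an unparseable Content-Length as absent and forwards the raw bytes unchanged, and the attacker stream is constructed.

```javascript
// Added example, not hyper's code: the Content-Length leniency that
// CVE-2021-32715 describes, modelled in JavaScript. RFC 9110 defines
// Content-Length as 1*DIGIT, so "+32" is illegal; JavaScript's parseInt,
// like the integer parser hyper relied on, accepts the leading "+".

// Lenient parse: optional sign accepted, trailing garbage ignored.
function parseContentLengthLenient(value) {
  const n = parseInt(value, 10);
  return Number.isNaN(n) || n < 0 ? null : n;
}

// Strict parse: the whole field must be ASCII digits and fit a safe integer.
function parseContentLengthStrict(value) {
  if (!/^[0-9]+$/.test(value)) return null;
  const n = Number(value);
  return Number.isSafeInteger(n) ? n : null;
}

// Minimal HTTP/1.1 framer over a buffered string: each message is the head
// up to CRLFCRLF plus a body of Content-Length bytes. parseCL decides how
// the header value is interpreted; returning null rejects the stream.
// (Chunked transfer encoding is deliberately out of scope here.)
function splitRequests(raw, parseCL) {
  const requests = [];
  let pos = 0;
  while (pos < raw.length) {
    const headEnd = raw.indexOf("\r\n\r\n", pos);
    if (headEnd === -1) throw new Error("incomplete request head");
    const head = raw.slice(pos, headEnd);
    const m = /^content-length:[ \t]*([^\r\n]*?)[ \t]*$/im.exec(head);
    let bodyLength = 0;
    if (m !== null) {
      const n = parseCL(m[1]);
      if (n === null) throw new Error(`rejected: bad Content-Length ${JSON.stringify(m[1])}`);
      bodyLength = n;
    }
    const bodyStart = headEnd + 4;
    requests.push({ head, body: raw.slice(bodyStart, bodyStart + bodyLength) });
    pos = bodyStart + bodyLength;
  }
  return requests;
}

// Constructed attacker stream: one POST whose Content-Length carries a "+",
// followed by 32 bytes that are either its body or a second request,
// depending on who is parsing.
const SMUGGLED_TAIL = "GET /admin HTTP/1.1\r\nHost: x\r\n\r\n"; // 32 bytes
const ATTACK_STREAM =
  "POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: +32\r\n\r\n" +
  SMUGGLED_TAIL;

// Assumed proxy behaviour (the advisory's "doesn't parse such headers but
// forwards them"): an unparseable Content-Length is treated as absent.
function proxyIgnoresBadLength(value) {
  return parseContentLengthStrict(value) ?? 0;
}

// A backend that accepts "+32" sees one request with a 32-byte body.
function backendView() {
  return splitRequests(ATTACK_STREAM, parseContentLengthLenient);
}

// The proxy sees two requests: the smuggled GET is forwarded as an
// independent request on the same backend connection.
function proxyView() {
  return splitRequests(ATTACK_STREAM, proxyIgnoresBadLength);
}

// A strict backend refuses the stream instead, closing the desync window.
function strictBackendRejects() {
  try {
    splitRequests(ATTACK_STREAM, parseContentLengthStrict);
    return false;
  } catch {
    return true;
  }
}

console.log("backend (lenient) request count:", backendView().length);
console.log("proxy (ignores bad length) request count:", proxyView().length);
console.log("strict backend rejects stream:", strictBackendRejects());
```

The fix on the server side is the strict parser: a malformed Content-Length is a 400 and a closed connection, never a guess, because the guess is what the proxy and backend must not be allowed to make differently.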
Microsoft CVE
added 2021/06/08 7:00 a.m. | 170 views

Microsoft SharePoint Server Remote Code Execution Vulnerability

...

CVSS 8.8 | AI score 7.2 | EPSS 0.06699
Exploits: 0