17 matches found
SUSE CVE-2026-22689
Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...
CVE-2026-22689
Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...
CVE-2026-22689 Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails
Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...
CVE-2026-22689 Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails
Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...
CVE-2026-22689 Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails
Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicio...
mail/mailpit -- Cross-Site WebSocket Hijacking
Mailpit author reports: The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailp...
CVE-2020-11547
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm...
CVE-2024-22196
CVE-2024-22196 affects nginx-ui (Go) where OrderAndPaginate uses user-controlled query parameters (order and sort_by via DefaultQuery) to build SQL order clauses, enabling SQL injection via crafted requests. Multiple connected sources confirm the vulnerability is exploitable through the GET /api/...
Fuzzy SWMP Cross-Site Scripting Vulnerability
SWMP is a Linux server statistics dashboard by the individual developer Fuzzy. A cross-site scripting vulnerability exists in Fuzzy SWMP. It stems from a problem in the file swmp.php, where manipulation of the parameter theme can lead to cross-site scripting...
CVE-2018-2377
In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users...
CVE-2018-2377
The CVE-2018-2377 issue affects SAP HANA Extended Application Services 1.0. It allows unauthorized users to retrieve some general server statistics and status information, indicating a partial confidentiality impact. Root cause details are not explicitly provided beyond exposure of server metadat...
PT-2018-15510 · Sap · Sap Hana Extended Application Services
Name of the Vulnerable Software and Affected Versions: SAP HANA Extended Application Services version 1.0 Description: The issue allows unauthorized users to retrieve some general server statistics and status information. Recommendations: For SAP HANA Extended Application Services version 1.0,...
[SECURITY] Fedora 26 Update: awstats-7.6-4.fc26
Advanced Web Statistics is a powerful and featureful tool that generates advanced web server graphic statistics. This server log analyzer works from command line or as a CGI and shows you all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers lik...
[SECURITY] Fedora 10 Update: awstats-6.95-1.fc10
Advanced Web Statistics is a powerful and featureful tool that generates advanced web server graphic statistics. This server log analyzer works from command line or as a CGI and shows you all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers lik...
[SECURITY] Fedora 12 Update: awstats-6.95-1.fc12
Advanced Web Statistics is a powerful and featureful tool that generates advanced web server graphic statistics. This server log analyzer works from command line or as a CGI and shows you all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers lik...
[SECURITY] Fedora 9 Update: awstats-6.8-3.fc9
Advanced Web Statistics is a powerful and featureful tool that generates advanced web server graphic statistics. This server log analyzer works from command line or as a CGI and shows you all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers lik...
KMiNT21.txt
Summary: Buffer overflow in KMiNT21 Software Golden FTP Server Pro v2.52 10.04.2005 http://www.goldenftpserver.com/ Details: Passing an overly long username parameter to the FTP server causes the EIP register to be overwritten after the USER/PASS login sequence is completed. Once this has been do...