425 matches found
GHSA-FPJ8-GQ4V-P354 Apache Tomcat - Client certificate verification bypass
Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...
CVE-2025-66614 Apache Tomcat: Client certificate verification bypass due to virtual host mapping
Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...
CVE-2025-66614
Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...
CVE-2025-66614
CVE-2025-66614 is an improper input validation issue in Apache Tomcat. The vulnerability affects Tomcat versions 11.0.0-M1 through 11.0.14, 10.1.0-M1 through 10.1.49, and 9.0.0-M1 through 9.0.112, with older EOL versions (8.5.0–8.5.100) also listed as affected. The root cause is failure to verify...
Apache Tomcat 输入验证错误漏洞
Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Vulnerabilities exist in versions of Apache Tomcat from 11.0.0-M1 to 11.0.14, from 10.1.0-M1 to 10.1.49, from 9.0.0-M1 to 9.0.11...
Python Cryptographic Authority: Fail-Open in set_tlsext_servername_callback on pyopenssl via unhandled exceptions leads to security bypass
A vulnerability was discovered in the pyopenssl library's handling of the Server Name Indication SNI callback settlsextservernamecallback. The internal wrapper for this callback catches all Python exceptions raised by user code but returns 0 Success/SSLTLSEXTERROK to the underlying OpenSSL engine...
CVE-2019-25346
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...
CVE-2019-25346
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...
CVE-2019-25346
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...
CVE-2019-25346 thesystem 1.0 - 'server_name' SQL Injection
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...
CVE-2019-25346 thesystem 1.0 - 'server_name' SQL Injection
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...
CVE-2019-25346
CVE-2019-25346 pertains to TheSystem 1.0, with a SQL injection in the server_name parameter that enables authentication bypass. The vulnerability allows an attacker to inject SQL like ' or '1=1' to retrieve unauthorized database records and potentially access sensitive system information. Multipl...
thesystem SQL注入漏洞
TheSystem is a password management project developed by Kostas Mitroglou. Version 1.0 of thetheSystem has a SQL injection vulnerability, which stems from improper handling of the parameter servername, potentially leading to SQL injection attacks...
PT-2026-7882
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...
CVE-2019-25311 thesystem Persistent XSS
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operatingsystem, systemowner, systemusername, systempassword,...
CVE-2019-25311
The CVE concerns thesystem version 1.0, which contains a persistent cross-site scripting (XSS) vulnerability. Attackers can inject malicious scripts via multiple server input fields, specifically operating_system, system_owner, system_username, system_password, system_description, and server_name...
PT-2026-7606
Name of the Vulnerable Software and Affected Versions thesystem version 1.0 Description thesystem version 1.0 has a persistent cross-site scripting issue. Attackers can inject malicious scripts through several server data input fields. Specifically, crafted script payloads can be submitted in the...
CVE-2020-37120 Rubo DICOM Viewer 2.0 - Buffer Overflow (SEH)
Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler SEH. Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and...
CVE-2020-37120
CVE-2020-37120 affects Rubo DICOM Viewer 2.0. The vulnerability is a buffer overflow in the DICOM server name input field that allows overwriting the Structured Exception Handler (SEH), enabling arbitrary code execution via a crafted text file. Connected sources provide details on vulnerable comp...
PT-2026-6565
Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler SEH. Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and...