30 matches found
Exploit for Cross-site Scripting in Gitea
CVE-2021-28378 Details about this CVE herehttps://www.cved...
CVE-2019-20493
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled SEC-520...
CVE-2019-11325: Fix escaping of strings in VarExporter
Affected versions Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7 versions of the Symfony VarExporter component are affected by this security issue. The issue has been fixed in Symfony 4.2.12 and 4.3.8. Description Some strings were not properly escaped when being dumped by the VarExporter component...
Sql injection
mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns...
CVE-2018-18476
mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns...
mysql-binuuid-rails allows SQL Injection by removing default string escaping
mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. ActiveRecord does not explicitly escape the Binary data type Type::Binary::Data for mysql. mysql-binuuid-rails uses a data type that is derived from the base Binary...
Cross-site Request Forgery (CSRF)
phpMyFAQ is vulnerable to cross-site request forgery CSRF. The library does not properly escape certain strings, allowing a malicious website to change a user's settings...
CURL-CVE-2016-7167 curl escape and unescape integer overflows
The four libcurl functions curlescape, curleasyescape, curlunescape and curleasyunescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. The functions having names without "easy" being the deprecated versions of the others...
Fedora Core 5 : mysql-5.0.22-1.FC5.1 (2006-702)
Repairs vulnerability in multibyte string escaping. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
FreeBSD : postgresql -- encoding based SQL injection (17f53c1d-2ae9-11db-a6e2-000e0c2e438a)
The PostgreSQL development team reports : An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands...