3357 matches found
CVE-2019-7230
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...
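The two probes in the entry above are the classic format-string test pattern: the login code hands the username to a printf-family function as the format itself, so `%s%p%x%d` dereferences missing arguments and `%08x.AAAA.%08x.%08x` dumps whatever is on the stack or in the argument registers. The following is an added C example, not ABB's code, showing a hypothetical logging wrapper `log_msg()` used the vulnerable way beside the fixed call, plus a small directive counter that can flag such usernames before they reach any formatter:

```c
/* Added example (not ABB's code): the vulnerable logging pattern behind a
 * format-string bug in an authentication path, beside the hardened form. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging wrapper: forwards its format string to vsnprintf. */
static void log_msg(char *out, size_t out_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, out_len, fmt, ap);
    va_end(ap);
}

/* VULNERABLE: the attacker-controlled username becomes the format string.
 * "%s%p%x%d" makes vsnprintf read arguments that were never passed (crash);
 * "%08x.AAAA.%08x.%08x" prints stack or register contents. Calling this with
 * untrusted input is undefined behaviour, so the usage below never invokes it. */
static void log_login_vulnerable(char *out, size_t out_len, const char *username)
{
    log_msg(out, out_len, username);
}

/* FIXED: constant format string, username passed as data. */
static void log_login_safe(char *out, size_t out_len, const char *username)
{
    log_msg(out, out_len, "login attempt: %s", username);
}

/* Defence in depth / detection: count conversion directives in a field that
 * should never contain any. A non-zero result is worth alerting on. */
static int count_format_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p == '%') {
            if (p[1] == '%') { p++; continue; } /* "%%" is a literal percent sign */
            n++;
        }
    }
    return n;
}

int main(void)
{
    char buf[128];
    /* Constructed probe, taken from the advisory text above. */
    const char *probe = "%08x.AAAA.%08x.%08x";

    log_login_safe(buf, sizeof buf, probe);
    printf("%s\n", buf); /* the probe is echoed literally; nothing is leaked */
    printf("directives in username: %d\n", count_format_directives(probe));
    (void)log_login_vulnerable; /* shown for contrast only; never called */
    return 0;
}
```

The hardened call is the whole fix; the directive counter is only a detection aid (a legitimate username containing `%` is rare but possible), and it deliberately ignores `%%`, which the formatter treats as a literal percent sign.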
CVE-2019-11391
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDoS) by entering a specially crafted string with $a at the beginning and nested repetition operators. NOTE: the softwa...
Tridium Niagara Framework and Tridium Niagara Enterprise Security Security Vulnerability
Tridium Niagara Framework and Tridium Niagara Enterprise Security are both products of Tridium, Inc. Tridium Niagara Framework is a comprehensive software infrastructure that solves the challenges of creating appliance-to-enterprise applications. Tridium Niagara Enterprise Security is a...
CVE-2004-2237
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."...
Malicious code in eslint-plugin-i18n-strings (npm)
Source: ghsa-malware 52f5d25719716952625ab6fabacd4ccb2743e7066584b9b76cf5c198a0ebfc66. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Invision Community Security Vulnerability
Invision Community is a community and forum platform from Invision Power Services. A security vulnerability exists in Invision Community versions 5.0.0 through 5.0.6 (fixed in 5.0.7), which stems from improper handling of template strings and could lead to remote code execution...
CVE-2025-47916
Invision Community 5.0.0 through 5.0.6 (fixed in 5.0.7) contains an unauthenticated RCE in the themeeditor.php controller, via the customCss() method. The content parameter is passed to Theme::makeProcessFunction(), allowing the template engine to evaluate crafted template expressions, enabling ar...
CVE-2025-47916
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller file: /applications/core/modules/front/system/themeeditor.php, where a protected method named customCss can be invoked by...
github.com/expr-lang/expr: Memory Exhaustion in Expr Parser with Unrestricted Input
A flaw was found in Expr. This vulnerability allows excessive memory usage and potential out-of-memory (OOM) crashes via unbounded input strings, where a malicious or inadvertent large expression can cause the parser to construct an extremely large Abstract Syntax Tree (AST), consuming excessive memo...
NetScaler Appending random strings in http POST method causing "500 Internal Error"
The NetScaler appends a random string to POST requests sent to the backend server. This causes the request to fail, specifically with "HTTP 500 Internal Error"...
@lumieducation/h5p-server Fails to Sanitize Plain Text Strings
Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings...
django: Potential denial-of-service vulnerability in django.utils.text.wrap()
A potential denial of service vulnerability exists in django.utils.text.wrap and the wordwrap template filter. When processing extremely long strings, these functions may cause excessive resource consumption, potentially leading to service disruption...
The vulnerability in the server of the Zabbix universal monitoring system allows an intruder to gain unauthorized access to protected information.
The vulnerability in the Zabbix universal monitoring system relates to the use of uncontrolled format strings when processing HttpRequest objects. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
SUSE CVE-2023-53093
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not let histogram values have some modifiers Histogram values can not be strings, stacktraces, graphs, symbols, syscalls, or grouped in buckets or log. Give an error if a value is set to do so. Note, the histogram cod...
CVE-2024-9877
Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini. This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4...
CVE-2023-37535
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters...
The vulnerability in the mod_data module of the Moodle virtual learning environment allows an intruder to gain unauthorized access to protected information
The vulnerability in the mod_data module of the Moodle virtual learning environment is related to information disclosure through query strings. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to protected information...
PT-2025-18312 · Abb · Abb Anc-L +2
Name of the Vulnerable Software and Affected Versions: ABB ANC versions through 1.1.4 ABB ANC-L versions through 1.1.4 ABB ANC-mini versions through 1.1.4 Description: The issue is related to the use of the GET request method with sensitive query strings. This problem affects various ABB products...
Memory Allocation with Excessive Size Value
Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the ResponseReader class. An attacker can cause the application to allocate excessive memory and trigger a denial of service by including "literal" strings in responses sent to...