CVE-2020-14155
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a ?C substring...
CVE-2020-12283
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring...
PT-2020-6932
Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 8.44. Description: The issue is related to an integer overflow in the libpcre component of the PCRE library, which can be triggered by a large number after a ?C substring. This can allow a remote attacker to cause a denia...
CVE-2019-20041
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript substring...
CVE-2019-17119
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...
CVE-2019-17373
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2...
Directory Traversal
Butor Portal is vulnerable to path traversal. Lack of validation on the user-provided path via the theme t parameter allows an attacker to inject the malicious substring /wl?t=../../...= followed by a filename to get access to the file...
DEBIAN-CVE-2019-16707
Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx...
CVE-2019-16132
An issue was discovered in OKLite v1.2.25. framework/admin/tplcontrol.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring...
CVE-2019-15516
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring...
CVE-2019-1907
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by...
CVE-2019-1907 Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by...
CVE-2019-11187
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...
UBUNTU-CVE-2019-11187
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...
Server side request forgery (ssrf)
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI...
CVE-2019-9827
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI...
CVE-2019-13038
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL...