14 matches found
CVE-2025-10094 Improper Validation of Specified Quantity in Input in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large...
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) security vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab is a web-based DevOps platform for Git source code management and CI/CD. A security vulnerability in GitLab Enterprise Edition EE and GitLab Community Edition ...
A vulnerability in GitLab, the Git-based platform for collaborative software development, caused by resource allocation without limits, allows an attacker to cause a denial of service.
The vulnerability in GitLab, the Git-based platform for collaborative software development, is caused by resource allocation without limits when processing token names. A remote attacker exploiting this vulnerability can cause a denial of service...
SUSE CVE-2012-4386
The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery CSRF attacks by setting the token name configuration parameter to a session attribute...
Rdiffweb input validation error vulnerability
Rdiffweb is a web application by independent developer Patrik Dufresne. It provides quick access to your rdiff-backup archives through an efficient web interface. An input validation error vulnerability exists in Rdiffweb versions prior to 2.5.5, which originates from a hyperlink injection via a...
Denial of Service (DoS)
rdiffweb is vulnerable to denial of service (DoS). A malicious user is able to set the token name to a very long string, leading to memory corruption and an application crash...
GHSA-3FHQ-72HW-JQWV rdiffweb's lack of token name length limit can result in DoS or memory corruption
rdiffweb prior to 2.5.0a3 is vulnerable to Allocation of Resources Without Limits or Throttling. A lack of limit in the length of the Token name parameter can result in denial of service or memory corruption. Version 2.5.0a3 fixes this issue...
CVE-2022-3371 No limit on length of "Token name" parameter results in DoS attack / memory corruption in ikus060/rdiffweb prior to 2.5.0a3
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3...
PT-2022-21826 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.0a3. Description: The issue is related to the allocation of resources without limits or throttling. A lack of limit in the length of the Token name parameter can result in denial of service or memory corruption...
No limit on length of "Token name" parameter results in DoS attack / memory corruption
Proof of Concept
1. Go to the https://rdiffweb-dev.ikus-soft.com/prefs/tokens endpoint.
2. You will see a field called "Token name".
3. Here you will see that there is no limit for the "Token name" parameter, which allows a user to set a very long string, as long as 1 million characters.
4. This may possibl...
Freeze Bridge via Non-UTF8 Token Name/Symbol/Denom
Vulnerability details: Manual insertion of non-UTF-8 characters in a token name will break parsing of logs and will always result in the oracle getting stuck in a loop of failing and returning an error early. The fix is non-trivial and likely requires significant redesign. Proof of Concept...
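The rdiffweb and GitLab entries above describe a token-name field with no length bound, and the bridge entry describes a token name containing invalid UTF-8 that breaks downstream log parsing. The Python below is an added example, not code from rdiffweb, GitLab, the bridge project or any vendor listed here: it places the unbounded "store whatever arrived" pattern beside a hardened validator that bounds the raw size before decoding, decodes strictly, normalizes, and rejects control and format code points. It generalizes the individual reports into one check covering all three failure modes. The byte limits, the function names, the `TokenNameError` type and the sample inputs are assumptions chosen for illustration.

```python
from __future__ import annotations

import unicodedata

# Limits are assumptions chosen for this example; they are not the values used by
# rdiffweb, GitLab or any other project listed on this page.
MAX_TOKEN_NAME_BYTES = 255      # bound on the stored field
MAX_REQUEST_FIELD_BYTES = 4096  # bound on the raw form field, checked first

# Unicode general categories that have no business in a human-readable label:
# control (Cc), format (Cf), surrogate (Cs), private use (Co).
_DISALLOWED_CATEGORIES = {"Cc", "Cf", "Cs", "Co"}


class TokenNameError(ValueError):
    """Raised when a token name fails validation (hypothetical error type)."""


def store_token_name_unbounded(raw: bytes) -> str:
    """The pattern behind the advisories above: decode whatever arrived and keep it.

    A 1,000,000-byte name is accepted, and invalid UTF-8 is silently turned into
    U+FFFD replacement characters instead of being rejected.
    """
    return raw.decode("utf-8", errors="replace")


def validate_token_name(raw: bytes, max_bytes: int = MAX_TOKEN_NAME_BYTES) -> str:
    """Hardened form: bound the size, decode strictly, normalize, reject control chars."""
    # 1. Cheapest check first, on raw bytes, before any decoding or allocation.
    if len(raw) > max_bytes:
        raise TokenNameError(f"token name longer than {max_bytes} bytes")

    # 2. Strict decoding: malformed UTF-8 is an error, not something to paper over.
    try:
        name = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise TokenNameError("token name is not valid UTF-8") from exc

    # 3. NFC normalization so an accented letter typed two different ways yields
    #    one stored value, which keeps listings and lookups consistent.
    name = unicodedata.normalize("NFC", name).strip()
    if not name:
        raise TokenNameError("token name is empty")

    # 4. Reject control/format/private-use code points: a newline breaks a
    #    line-oriented log parser, and bidi overrides or zero-width characters
    #    can disguise one name as another in a token listing.
    for ch in name:
        if unicodedata.category(ch) in _DISALLOWED_CATEGORIES:
            raise TokenNameError(
                f"token name contains disallowed code point U+{ord(ch):04X}"
            )
    return name


def is_rejected(raw: bytes) -> bool:
    """True if the hardened validator refuses this name."""
    try:
        validate_token_name(raw)
    except TokenNameError:
        return True
    return False


def handle_create_token(raw_field: bytes) -> tuple[int, str]:
    """HTTP-style handler returning (status, message); fails fast before any work."""
    if len(raw_field) > MAX_REQUEST_FIELD_BYTES:
        return 413, "request field too large"
    try:
        name = validate_token_name(raw_field)
    except TokenNameError as exc:
        return 400, str(exc)
    return 201, f"created token {name!r}"


if __name__ == "__main__":
    # Constructed inputs mirroring the reports above.
    huge = b"A" * 1_000_000           # the 1-million-character name from the PoC
    garbage = b"\xff\xfetoken"        # bytes that are not valid UTF-8
    injected = b"deploy\nuser=admin"  # newline aimed at a line-oriented log parser

    print(len(store_token_name_unbounded(huge)), "chars kept by the unbounded version")
    print(repr(store_token_name_unbounded(garbage)), "kept by the unbounded version")
    for field in (b"ci-deploy", huge, garbage, injected):
        print(handle_create_token(field))
```

The order of the checks matters: the byte-length test runs on the raw form field before decoding, so an oversized name is refused without ever being allocated as a string, which is the resource the DoS reports above exhaust. Strict decoding, rather than `errors="replace"`, is what turns the bridge entry's "non-UTF-8 token name" from a persistent poison record into a rejected request.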
PT-1997-1154 · Microsoft · Windows NT
Name of the Vulnerable Software and Affected Versions: Windows NT (affected versions not specified). Description: The issue concerns a Windows NT user having inappropriate rights or privileges. This includes privileges such as Act as System, Add Workstation, Backup, Change System Time, Create...