761 matches found
Directory Information Disclosure
Tomcat is vulnerable to directory information disclosure. When accessing a directory protected by a security constraint with a URL that did not need in a slash, Tomcat would redirect to the URL with the trailing slash, confirming the presence of the file, even if no access is permitted...
CVE-2018-14663
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a...
Design/Logic Flaw
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a...
CVE-2018-14663
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a...
DEBIAN-CVE-2018-14663
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a...
UBUNTU-CVE-2018-14663
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a...
CVE-2018-14663
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a...
CVE-2018-14663
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a...
httpd: <FilesMatch> bypass with a trailing newline in the file name
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...
UBUNTU-CVE-2018-19052
An issue was discovered in modaliasphysicalhandler in modalias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific modalias configuration where the matched alias lacks a trailing '/' character, but the alias target...
DEBIAN-CVE-2018-19052
An issue was discovered in modaliasphysicalhandler in modalias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific modalias configuration where the matched alias lacks a trailing '/' character, but the alias target...
Heap overflow
The converttodecimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing...
DEBIAN-CVE-2018-17942
The converttodecimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing...
Medium: httpd24
Issue Overview: Use-after-free on HTTP/2 stream shutdown When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this...
Apache HTTP Server Remote Security Bypass Vulnerability
Apache HTTP Server is an open source web server from the Apache Software Foundation. A security bypass vulnerability exists in Apache httpd versions 2.2.0 through 2.4.29, which can be exploited by an attacker to bypass security restrictions and perform unauthorized operations via trailing newline...
CVE-2017-15715
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...
WordPress: Open Redirect on the nl.wordpress.net
Description Hello. I discovered an Open redirect vulnerability on the nl.wordpress.org. Root cause The 301 Redirect contains full hostname, followed with @ without trailing slash, when using: GET /@google.com HTTP/1.1 Host: nl.wordpress.net User-Agent: Mozilla/5.0 Windows NT 6.1; Win64; x64;...
DEBIAN-CVE-2017-16548
The receivexattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly have unspecified other impact by sendi...
ALPINE-CVE-2017-16548
The receivexattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly have unspecified other impact by sendi...
Udemy: Subdomain Takeover (and Stored XSS) via Trailing Dot at https://coding-exercises.udemy.com
Hello @Udemy! Summary ===== I previously reported a cross-site scripting vulnerability 222337 at coding-exercises.udemy.com. I recently discovered that GitBook-hosted sites are also vulnerable to subdomain takeovers due to a trailing dot vulnerability in the GitBook "Custom Domain" feature seen...