10 matches found
EUVD-2017-18267
Malware in sbrugna...
EulerOS Virtualization 2.12.0 : wget (EulerOS-SA-2024-2780)
According to the versions of the wget package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior ...
RHEL 7 : lynx (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - lynx: Invalid URL parsing of pages containing '?' CVE-2016-9179 - lynx: Use after free in...
CVE-2021-32779
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI 'fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with...
CVE-2021-32779
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI 'fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with...
Open Redirect in medialize/uri.js
✍️ Description urijs mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while url-parse sees it as a relative path. 🕵️♂️ Proof of Concept 1. Create the following PoC file:...
CVE-2021-27515
url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...
Cisco Webex Teams Cisco Spark URI Handler Remote Command Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webex Cisco Spark. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handles URIs within...
CVE-2018-17039
MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $SERVER'REQUESTURI' is mishandled...
CVE-2018-10297
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images...