23 matches found
EUVD-2018-0368
Malware in sbrugna...
EUVD-2018-20507
Malware in sbrugna...
EUVD-2022-6180
Malicious code in bioql PyPI...
PT-2025-35161
Name of the Vulnerable Software and Affected Versions: CGI::Simple versions prior to 1.282. Description: CGI::Simple contains an HTTP response splitting flaw that allows HTTP response header injection. This can be exploited to perform reflected cross-site scripting (XSS), open redirect, cache...
jetty: Ambiguous paths can access WEB-INF
In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application...
jetty: Ambiguous paths can access WEB-INF
In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application...
Reverse-Shell-Generator - Hosted Reverse Shell Generator With A Ton Of Functionality
Hosted Reverse Shell generator with a ton of functionality -- great for CTFs Hosted Instance https://revshells.com Features Generate common listeners and reverse shells Automatically copy to clipboard Button to increment the listening port number by 1 URI and Base64 encoding LocalStorage to persi...
CVE-2019-5783
Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page...
CVE-2019-5783
Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page...
CVE-2019-5783
CVE-2019-5783 corresponds to an "insufficient validation of untrusted input" vulnerability in Google Chrome’s DevTools prior to version 72.0.3626.81. The flaw enables a remote attacker to perform a Dangling Markup Injection attack by delivering a crafted HTML page, as described in the public CVE ...
CVE-2018-3777
Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests...
CVE-2018-3777
Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests...
Authorization
Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests...
CVE-2018-3777
CVE-2018-3777 affects the Ruby gem restforce, prior to version 3.0.0. The vulnerability stems from insufficient URI encoding, allowing an attacker to inject arbitrary parameters into Salesforce API requests. Reported impact includes the ability to override HTTP methods via request parameters (e.g...
CVE-2018-3777
Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests...
PT-2018-16195 · Salesforce · Restforce
Name of the Vulnerable Software and Affected Versions: restforce versions prior to 3.0.0 Description: The issue is related to insufficient URI encoding, allowing an attacker to inject arbitrary parameters into Salesforce API requests. This flaw is only exploitable in applications that pass user...
Insufficient URI encoding in restforce
A flaw in how restforce constructs URLs may allow an attacker to inject additional parameters into Salesforce API requests. Impact: This flaw is only exploitable in applications that pass user input directly to restforce's select, find, describe, update, upsert, and destroy methods...
CVE-2018-8899
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations...
Cross-site Scripting
plotly-js is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of URI encoding in the href field that defines the special popup attribute...
apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
No description provided by source. Title: Apache Tomcat Directory Traversal Vulnerability. Author: Simon Ryeo (bar4mi at gmail.com, barami at ahnlab.com). Severity: High. Impact: Remote File Disclosure. Vulnerable Version: prior to 6.0.18. Solution: - Best Choice: Upgrade to 6.0.18 http://tomcat.apache.o...