10 matches found
CVE-2023-4473
CVE-2023-4473 and CVE-2023-4474 affect Zyxel NAS326 (firmware V5.21(AAZF.14)C0) and NAS542 (V5.21(ABAG.11)C0). The web server vulnerabilities allow an unauthenticated attacker to execute OS commands via crafted URLs; CVE-2023-4473 is a command injection and CVE-2023-4474 a faulty neutralization i...
CVE-2021-23266
Crafter CMS (Crafter Studio) vulnerability CVE-2021-23266 allows anonymous users to craft a URL whose text is displayed verbatim in the log viewer, enabling misleading admin messages. Root cause: improper output neutralization for logs. Affected component: Crafter Studio log viewer. No remediatio...
Local File Disclosure to Browse All Files in /atlassian-bamboo
This vulnerability affects certain versions of Atlassian Bamboo. An attacker can craft a URL to browse all files inside /atlassian-bamboo in the Bamboo installation folder, which includes files in the WEB-INF folder...
CVE-2021-26812
Cross-site scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL which, when clicked on by users, can inject JavaScript code to be run by the application...
CVE-2021-20669
Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL...
phpMyAdmin -- XSRF/CSRF vulnerability
The phpMyAdmin team reports: Description: By deceiving a user into clicking on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc. Severity: We consider this vulnerability to be critical...
CVE-2017-14244
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FWiB-LR7011A1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi...
CVE-2017-7675
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL...
CVE-2017-1125
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose partial contents of a file. IBM X-Force ID: 121340...
Microsoft Outlook Web Access Modified Canary Parameter Cross Site Scripting (MS15-026; CVE-2015-1628)
An elevation of privilege vulnerability exists in Microsoft Exchange Server. The vulnerability is caused when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. A remote attacker can exploit this issue by enticing a victim to open a specially crafted URL...