184 matches found
CVE-2007-1860
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
The breakthrough first-class information surveillance system, etc. IIS firewall to achieve injection-vulnerability warning-the black bar safety net
Prior to URL encoding, percent-plus the two bits 1 to 6 hexadecimal representation of a character, such as’after the after encoding is%2 7, This is everyone knows the URL encoding rules, UrlUnescapeInPlace like the API function even programmers write their own URL decoding function that are based...
MediaWiki: Cross-site scripting vulnerability
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to decode certain encoded URLs correctly. Impact By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScri...
LiteServe URL Decoding DoS Vulnerability
The remote web server dies when an URL consisting of a long invalid string of % is sent. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2005-0054
CVE-2005-0054 is a remote-code-execution vulnerability in Internet Explorer 5.01/5.5/6 where specially crafted HTML/URLs cause IE to interpret a page in the wrong security zone, potentially executing code in the Local Machine zone. The issue stems from how encoded hostnames are parsed for URLs, e...
CVE-2005-0054
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decodin...
Microsoft Internet Explorer contains URL decoding cross-domain vulnerability
Overview A URL decoding vulnerability in Microsoft Internet Explorer may allow remote attackers to bypass zone security restrictions and execute arbitrary code on affected systems. Description IE uses a cross-domain security model to maintain separation between browser frames from different...
CVE-2004-1315
Summary: CVE-2004-1315 affects phpBB 2.x prior to 2.0.11. The vulnerability stems from improper URL decoding of the highlight parameter in viewtopic.php, allowing a remote attacker to double-encode the highlight value so that PHP exec runs arbitrary code. Exploited in the wild by the Santy.A worm...
CVE-2004-1315
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which...
CVE-2004-0189
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass urlregex ACLs via a URL with a NULL "%00" character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists...
CVE-2004-0189
CVE-2004-0189 concerns a bug in the URL decoding '%xx' function in Squid 2.5.STABLE4 and earlier that can inject a NULL character into decoded URLs, causing Squid to compare only a portion of the requested URL against ACLs. This can allow bypass of url_regex-based access control lists. Public dis...
CVE-2004-0189
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass urlregex ACLs via a URL with a NULL "%00" character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists...
Fedora Core 1 : squid-2.5.STABLE3-1.fc1 (2004-104)
Tue Mar 09 2004 Jay Fenlason 7:2.5.STABLE3-1.fc1 - Backport security fix for %00 hole. See CVE-2004-0189: The '%xx' URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass urlregex ACLs via a URL with a NULL '%00' character, which causes Squid to use only a portion...
RHEL 2.1 / 3 : squid (RHSA-2004:133)
An updated squid package is available that fixes a security vulnerability in URL decoding and provides a new ACL type for protecting vulnerable clients. Squid is a full-featured Web proxy cache. A bug was found in the processing of %-encoded characters in a URL in versions of Squid 2.5.STABLE4 an...
FreeBSD : squid ACL bypass due to URL decoding bug (182)
The following package needs to be updated: squid %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg705e003a7f3611d896450020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...
HP OpenView Select Access protection bypass
Invalid URL esc-symbols decoding allows user to access protected directory...
Low: Red Hat Security Advisory: : Updated squid package fixes security vulnerability
An updated squid package is avaliable that fixes a security vulnerability in URL decoding and provides a new ACL type for protecting vulnerable clients. Squid is a full-featured Web proxy cache. A bug was found in the processing of %-encoded characters in a URL in versions of Squid 2.5.STABLE4 an...
CVE-2004-0189
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass urlregex ACLs via a URL with a NULL "%00" character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists...
CVE-2004-0189
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass urlregex ACLs via a URL with a NULL "%00" character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists...
squid ACL bypass due to URL decoding bug
From the Squid advisory: Squid versions 2.5.STABLE4 and earlier contain a bug in the "%xx" URL decoding function. It may insert a NUL character into decoded URLs, which may allow users to bypass urlregex ACLs...