531 matches found
CVE-2018-3718
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...
CVE-2018-3718
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...
Code injection
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...
CVE-2017-16224
st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 redirect to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a...
CVE-2018-3718
CVE-2018-3718 affects the serve node module and is caused by improper handling of URL encoding, which can permit access to ignored/restricted files when a filename is URL encoded. Connected advisories/documentation (GHSA-5RC4-8QQH-VQ7F; OSV, NVD/CVE record) describe this as a directory traversal-...
CVE-2018-3718
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...
CVE-2017-0370
CVE-2017-0370 relates to MediaWiki and is caused by a failure of the spam blacklist to block encoded URLs in the file inclusion syntax’s link parameter. Affected software is MediaWiki versions prior to 1.28.1, 1.27.2, and 1.23.16. The impact is that encoded URLs can bypass the blacklist, potentia...
Node.js third-party modules: [serve] Directory listing and File access even when they have been set to be ignored.
Module: - Name: serve - Version: latest 6.4.9 - Link: https://www.npmjs.com/package/serve Description: The serve modules allows directory browsing and to serve static files through the browser. The config option ignore can be used to tell the module which file or directory are forbidden and shoul...
Cross-site Scripting (XSS)
Apache Sling XSS is vulnerable to cross-site scripting XSS attacks. The application does not properly encode or escape URLs, allowing a malicious user to inject and execute arbitrary Javascript...
Code injection
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImplgetValidHref and org.apache.sling.xss.impl.XSSFilterImplisValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API...
CVE-2017-15717
CVE-2017-15717 involves a flaw in URL escaping/encoding in the Apache Sling XSS Protection API. The issue resides in org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref, allowing specially crafted URLs to pass as valid despite carrying XSS pay...
Valve: Link filter protection bypass
Description Hi, there is a protection bypass in the linkfilter function. By using the character 。 %E3%80%82 url encoded instead of a normal dot in urls, it is possible to bypass the blocking. PoC Normal request : https://steamcommunity.com/linkfilter/?url=pornhub.com F240919 Bypass :...
Starbucks: Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486)
Hi guys, I am now able to prove my concerns from 227486 see my last comment. "s are still not correctly encoded when rendered into the page in the element on almost any https://starbucks.co.uk/ page. The WAF is bypassed by encoding "s as %2522 in the URL path. This won't work when the payload is...
Cross site scripting
An issue was discovered on Accellion FTA devices before FTA912180. There is XSS in courier/1000@/index.html with the authparams parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads,...
CVE-2017-8760
An issue was discovered on Accellion FTA devices before FTA912180. There is XSS in courier/1000@/index.html with the authparams parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads,...
CVE-2017-8760
An issue was discovered on Accellion FTA devices before FTA912180. There is XSS in courier/1000@/index.html with the authparams parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads,...
CVE-2016-10367
In Opsview Monitor Pro Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding...
Directory traversal
In Opsview Monitor Pro Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding...
CVE-2016-5953
IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL...
The use of Python code implementing the Web application of the injection-vulnerability warning-the black bar safety net
Vulnerability overview If your Web application exists in the Python code injection vulnerability, the attacker can use your Web applications to your back-end server of the Python parser to send malicious Python code. This also means that if you can on the target server execute Python code, you ca...