
22 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2002-2121

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01283
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-0549

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.02779
Exploits: 0 | References: 10

RedhatCVE
added 2025/05/22 3:47 p.m. | 9 views

CVE-2020-2140

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability...

CVSS 6.1 | AI score 6.1 | EPSS 0.75975
Exploits: 0

Prion
added 2024/03/12 7:15 p.m. | 27 views

Design/Logic Flaw

The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will...

CVSS 4.6 | AI score 8.4 | EPSS 0.01895
Exploits: 0 | References: 2

Vulnrichment
added 2024/02/12 12:0 a.m. | 4 views

CVE-2023-52430

The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring...

AI score 6 | EPSS 0.00373
Exploits: 0 | References: 2

OpenVAS
added 2023/03/08 12:0 a.m. | 18 views

Debian: Security Advisory (DSA-1645-1)

The remote host is missing an update for the Debian...

CVSS 7.5 | AI score 6.6 | EPSS 0.04345
Exploits: 2 | References: 3

Github Security Blog
added 2022/05/24 5:10 p.m. | 32 views

XSS vulnerability in Jenkins Audit Trail Plugin

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. Audit Trail Plugin 3.3 escapes the affected part of the error message...

CVSS 6.1 | AI score 5.8 | EPSS 0.75975
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2022/05/24 5:10 p.m. | 21 views

GHSA-CJ2G-WWFV-MVJH XSS vulnerability in Jenkins Audit Trail Plugin

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. Audit Trail Plugin 3.3 escapes the affected part of the error message...

CVSS 6.1 | AI score 6 | EPSS 0.75975
Exploits: 0 | References: 5

Kitploit
added 2021/02/14 8:30 p.m. | 71 views

UDdup - Urls De-Duplication Tool For Better Recon

The tool gets a list of URLs and removes "duplicate" pages, in the sense of URL patterns that are probably repetitive and point to the same web template. For example: https://www.example.com/product/123 https://www.example.com/product/456 https://www.example.com/product/123?isprod=false...

AI score 7.2
Exploits: 0 | References: 2

NVD
added 2020/03/09 4:15 p.m. | 34 views

CVE-2020-2140

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability...

CVSS 6.1 | AI score 6 | EPSS 0.75975
Exploits: 0 | References: 2

Prion
added 2020/03/09 4:15 p.m. | 18 views

Cross site scripting

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability...

CVSS 4.3 | AI score 6 | EPSS 0.75975
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2020/03/09 3:0 p.m. | 123 views

CVE-2020-2140

CVE-2020-2140 affects Jenkins Audit Trail Plugin (versions 3.2 and earlier). The vulnerability is a reflected cross-site scripting due to improper escaping in the URL Patterns field form validation. Exploitation could allow injection of malicious scripts via the error message. The issue is docume...

CVSS 6.1 | AI score 6 | EPSS 0.75975
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/03/09 3:0 p.m. | 30 views

CVE-2020-2140

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability...

AI score 6 | EPSS 0.75975
Exploits: 0 | References: 2

Veracode
added 2018/08/02 7:23 a.m. | 30 views

Open Redirect

Django is vulnerable to open redirects. If the library is configured to accept URL patterns ending in a slash, a malicious user can pass a URL request to conduct an open redirect attack...

CVSS 6.1 | AI score 6 | EPSS 0.2549
Exploits: 0 | References: 6 | Affected Software: 13

RedHat Linux
added 2018/03/07 3:21 p.m. | 3 views

tomcat: Late application of security constraints can lead to resource exposure for unauthorised users

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

CVSS 6.5 | AI score 7.1 | EPSS 0.15026
Exploits: 2 | References: 7

Veracode
added 2018/02/27 5:36 a.m. | 75 views

Authorization Bypass

tomcat-catalina is vulnerable to authorization bypass. URL patterns of empty strings were not handled correctly and caused the server to ignore such security constraints when the urlPattern for a servlet is mapped to " ". This allows an attacker to bypass said security constraints and gain...

CVSS 5.9 | AI score 6.8 | EPSS 0.17716
Exploits: 0 | References: 57 | Affected Software: 79

Tenable Nessus
added 2008/10/07 12:0 a.m. | 35 views

Debian DSA-1645-1 : lighttpd - various

Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4298: A memory leak in the http_request_parse function could be used by remote...

CVSS 7.5 | AI score 7.2 | EPSS 0.04345
Exploits: 2 | References: 7

Debian
added 2008/10/06 5:29 p.m. | 28 views

[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems

Debian Security Advisory DSA-1645-1, http://www.debian.org/security/, Steve Kemp, October 06, 2008, http://www.debian.org/security/faq ...

CVSS 7.5 | AI score 6.9 | EPSS 0.04345
Exploits: 2

securityvulns
added 2008/10/06 12:0 a.m. | 67 views

[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems

Debian Security Advisory DSA-1645-1, http://www.debian.org/security/, Steve Kemp, October 06, 2008, http://www.debian.org/security/faq ...

CVSS 7.8 | EPSS 0.04345
Exploits: 2

Atlassian
added 2004/06/29 10:11 p.m. | 20 views

Spam-protection

NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion (http://jira.atlassian.com/browse/CONFCLOUD-1469). We need something like MT-Blacklist: the ability to define URL patterns that flag a page and/or comment as spam. It...

AI score 0.5
Exploits: 0 | Affected Software: 1