522 matches found
CVE-2022-3782
keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within t...
GHSA-G8Q8-FGGX-9R3Q Keycloak vulnerable to path traversal via double URL encoding
Keycloak does not properly validate URLs included in a redirect. An attacker could construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks...
CVE-2022-43409
Jenkins Pipeline: Supporting APIs Plugin 838.va3a087b4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines...
PT-2022-26893 · Jenkins · Jenkins Pipeline: Supporting APIs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Supporting APIs Plugin versions 838.va3a087b4055b and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the Jenkins Pipeline: Supporting APIs Plugin does not...
GHSA-6XF3-5HP7-XQQG Improper token validation leading to code execution in Teleport
Teleport 9.3.6 is vulnerable to command injection leading to remote code execution. An attacker can craft a malicious SSH agent installation link by URL-encoding a bash escape with carriage return line feed. This URL-encoded payload can be used in place of a token and sent to a user in a social...
Improper token validation leading to code execution in Teleport
Teleport 9.3.6 is vulnerable to command injection leading to remote code execution. An attacker can craft a malicious SSH agent installation link by URL-encoding a bash escape with carriage return line feed. This URL-encoded payload can be used in place of a token and sent to a user in a social...
CVE-2022-36633
Teleport 9.3.6 is vulnerable to command injection leading to remote code execution. An attacker can craft a malicious SSH agent installation link by URL-encoding a bash escape with carriage return line feed. This URL-encoded payload can be used in place of a token and sent to a user in a social...
Command injection
Teleport 9.3.6 is vulnerable to command injection leading to remote code execution. An attacker can craft a malicious SSH agent installation link by URL-encoding a bash escape with carriage return line feed. This URL-encoded payload can be used in place of a token and sent to a user in a social...
Teleport 9.3.6 Command Injection
Description: Teleport 9.3.6 is vulnerable to command injection leading to remote code execution. An attacker can craft a malicious SSH agent installation link by URL-encoding a bash escape with carriage return line feed. This URL-encoded payload can be used in place of a token and sent to a user i...
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs
Impact: Access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Patches: v20.12.7 LTS, v21.12.2 LTS, v22.6.1. References: https://github.com/sanic-org/sanic/issues/2478 https://github.com/sanic-org/sanic/pull/2495 For more...
Improper handling of parameter lead to listing any directory
Description: In the file-manager/list API, the server does not handle path parameters properly, which allows listing any directory. To exploit, use double URL encoding to bypass the filter. Proof of Concept: GET /demo/api/file-manager/list?path=%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/...
Gshell - A Flexible And Scalable Cross-Platform Shell Generator Tool
A simple yet flexible cross-platform shell generator tool. Name: GGreat Shell Description: A cross-platform shell generator tool that lets you generate whichever shell you want, in any system you want, giving you full control and automation. If you find this tool helpful, then please give me a...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 CVE-2021-41773 According to The National Vulne...
Cross-site Scripting in Apache Sling XSS Protection API
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows specially crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API...
grafana: directory traversal vulnerability
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...
Exposure of Sensitive Information in Apache Tomcat
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the 1...
Reflected XSS
Description: Hello, I found an authenticated reflected XSS via path fragment. This was exploitable through trusting user input in the URL path fragment. Please note: if you wrote a different payload, you need to URL-encode the payload twice. Proof of Concept: Enter this URL:...
RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack
A reflected cross-site scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The...