522 matches found
Code injection
A flaw in the way URLs are escaped and encoded in org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows specially crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API...
CVE-2017-15717
CVE-2017-15717 involves a flaw in URL escaping/encoding in the Apache Sling XSS Protection API. The issue resides in org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref, allowing specially crafted URLs to pass as valid despite carrying XSS pay...
Valve: Link filter protection bypass
Description: Hi, there is a protection bypass in the linkfilter function. By using the character 。 (%E3%80%82 URL-encoded) instead of a normal dot in URLs, it is possible to bypass the blocking. PoC: Normal request: https://steamcommunity.com/linkfilter/?url=pornhub.com F240919 Bypass:...
Starbucks: Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486)
Hi guys, I am now able to prove my concerns from 227486; see my last comment. "s are still not correctly encoded when rendered into the page in the element on almost any https://starbucks.co.uk/ page. The WAF is bypassed by encoding "s as %2522 in the URL path. This won't work when the payload is...
Cross site scripting
An issue was discovered on Accellion FTA devices before FTA912180. There is XSS in courier/1000@/index.html with the authparams parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads,...
CVE-2017-8760
An issue was discovered on Accellion FTA devices before FTA912180. There is XSS in courier/1000@/index.html with the authparams parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads,...
Directory traversal
In Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding...
CVE-2016-10367
In Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding...
CVE-2016-5953
IBM Sterling Order Management transmits the session identifier within the URL. When a user cannot access a certain view because they lack the required permissions, the website responds with an error page in which the session identifier is Base64-encoded in the URL...
Exploiting Python code injection vulnerabilities in web applications - vulnerability warning - the black bar safety net
Vulnerability overview: If your web application contains a Python code injection vulnerability, an attacker can use your web application to send malicious Python code to the Python interpreter on your back-end server. This also means that if you can execute Python code on the target server, you ca...
Blockchain: Reflected XSS on blockchain.info
The application at https://blockchain.info is vulnerable to reflected XSS/HTML injection through the URL at the block-index page. Proof of concept: The following PoC contains the payload "XSS here, which displays the text in heading size...
E-cidade Directory Traversal Vulnerability
A directory traversal vulnerability exists in E-cidade. The vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing simple URL encoding to bypass files and directories that are accessible to an unauthenticated user ... %252F...
WebSummit: Reflected XSS on websummit.net
Hey guys, TL;DR: Reflected XSS on websummit.net/attendees/featured-attendees, as the q parameter is directly reflected with special characters in the data-url on the handlebars template section of the page, as opposed to URL-encoding them. Proof of Concept: Visit...
Vulnerability of Python software, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information
The vulnerability exists in the Python CGIHTTPServer module due to incorrect handling of URL-encoded path separators. Exploiting this vulnerability allows attackers to obtain the original CGI script code or execute any CGI script in the server’s web directory...
phpmyadmin -- XSS and sensitive data leakage
The phpmyadmin development team reports: Description: Because user SQL queries are part of the URL, sensitive information included in a user query can be exposed, either by clicking on external links (to attackers monitoring the GET query parameters) or by being recorded in the web server logs. Severity: We...
CVE-2016-4345
Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow...
Bypassing the WAF with multipart/form-data - vulnerability warning - the black bar safety net
The LuManager high-risk SQL injection 0day analysis mentioned that the payload captured in monitoring was as follows: [image] You can see that the attacker used the multipart/form-data format to send the payload. For the application, the data obtained this way is the same as when it is sent as application/x-www-form-urlencoded. About...
python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs
It was discovered that the CGIHTTPServer module incorrectly handled URL-encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or to disclose the source of scripts in the cgi-bin directory...
CVE-2015-1002
IniNet embeddedWebServer aka eWebServer before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string...