19 matches found
EUVD-2022-34606
Malicious code in bioql PyPI...
CVE-2022-2547
A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
Design/Logic Flaw
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
Design/Logic Flaw
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
Design/Logic Flaw
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-1069
CVE-2022-1069 affects Softing Secure Integration Server (notably V1.22 and earlier) and is caused by processing a crafted HTTP Content-Length header, leading to an out-of-bounds read and denial-of-service. Related advisories document the impact as remote DoS without authentication, with various c...
CVE-2022-2338 Softing Secure Integration Server Cleartext Transmission of Sensitive Information
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. By default, the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may...
CVE-2022-2335 Softing Secure Integration Server Integer Underflow
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-2334 Softing Secure Integration Server Uncontrolled Search Path Element
The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22...
CVE-2022-2334
CVE-2022-2334 affects Softing Secure Integration Server v1.22 and relates to an uncontrolled search path element: an attacker can place a DLL (notably wbemcomn.dll) that the server loads, enabling arbitrary code execution when the service restarts after a restore/config change. The vulnerability ...
CVE-2022-1373 Softing Secure Integration Server Relative Path Traversal
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file...
CVE-2022-2547 Softing Secure Integration Server NULL Pointer Dereference
A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
Reflected XSS on conversion filter function
Description: Fava v1.22 has a conversion filter function on the income statement dashboard which allows a user to perform XSS due to improper validation of the filter conversion. Proof of Concept: 1. Navigate to Fava demo instance https://fava.pythonanywhere.com/example-beancount-file/incomestatement/. 2. Filt...
DEBIAN-CVE-2022-2514
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters verbatim...
CVE-2022-2514
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters verbatim...
CVE-2022-2514
CVE-2022-2514 affects Fava (beancount) prior to v1.22, with a reflected XSS due to failure to escape error messages that echoed the time and filter parameters. This is a cross-site scripting vulnerability in the beancount/fava stack that can expose user data via crafted input. A GitHub commit ca9...
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities
Document Title: Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1386 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2239 CVE-ID: CVE-2014-2239 Release Date:...
ZAPms v1.22 (19.04.2011) Remote SQL Injection Vulnerability
Exploit for php platform in category web applications...
XSS in ssLinks v1.22
Advisory: XSS in ssLinks v1.22 Home Page: http://scripts.incutio.com/sslinks/ Vulnerability: Cross Site Scripting Vulnerable script: links.php http://design.greenkri.com/links.php?days="scriptalert/script" &action=newlinks ...