5 matches found
EUVD-2024-34241
Malicious code in bioql PyPI...
CVE-2024-11986
Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scriptin...
CVE-2024-11986
Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scriptin...
CVE-2024-11986
CVE-2024-11986 involves improper input handling of the Host Header in CrushFTP, allowing an unauthenticated attacker to craft input that is stored in web application logs and can execute when an Administrator views the logs. Connected sources identify CrushFTP as the affected product and note the...
ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You Need To Know
On June 29, 2021, security researcher Michael Stepankin (@artsploit) posted details of CVE-2021-35464, a pre-auth remote code execution (RCE) vulnerability in ForgeRock Access Manager identity and access management software. ForgeRock front-ends web applications and remote access solutions in many...