Suricata < 7.0.14 / 8.x < 8.0.3 Multiple Vulnerabilities

The version of OISF Suricata installed on the remote host is prior to 7.0.14 or 8.x prior to 8.0.3. It is, therefore, affected by multiple vulnerabilities, including: - Crafted DCERPC traffic can cause Suricata to expand a buffer without limits, leading to memory exhaustion and the process gettin...

CVE-2026-22261

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support in the eve...

EUVD-2026-4786

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support in the eve...

CVE-2026-22261

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support in the eve...

CVE-2026-22261 Suricata eve/alert: http1 xff handling can lead to denial of service

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support in the eve...

CVE-2026-22261

CVE-2026-22261 affects Suricata (IDS/IPS/NSM engine). Affected: versions prior to 8.0.3 and 7.0.14 with inefficiencies in X-Forwarded-For (XFF) handling, especially for alerts not triggered in a transaction, causing severe slowdowns. The vulnerability is addressed in Suricata 8.0.3 and 7.0.14 via...

CVE-2026-22261

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support in the eve...

CVE-2020-21662

SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF...

CVE-2020-21662

SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF...

CVE-2020-21662

SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF...

CVE-2020-21662

CVE-2020-21662 is a SQL injection vulnerability in yunyecms version 2.0.2 exposed via the XFF parameter. The connected sources consistently describe remote attackers being able to execute arbitrary SQL commands through this input, potentially leading to unauthorized database access and data manip...

PT-2023-11596 · Yunyecms · Yunyecms

Name of the Vulnerable Software and Affected Versions: yunyecms version 2.0.2 Description: The issue allows remote attackers to run arbitrary SQL commands via the XFF variable. This can potentially lead to unauthorized access and manipulation of database content. Recommendations: For yunyecms...

CVE-2020-21662

SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF...

CVE-2020-21662

SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF...

SQL injection vulnerability in zzcms xff inc/function.php (CNVD-2016-07187)

ZZCMS highlights the investment and supply and demand functions, you can quickly build a product investment website. SQL injection vulnerability exists in zzcms product version, the trigger point of the vulnerability is in xff inc/function.php, the attacker can use the vulnerability to obtain the...

BiWEB最新门户版XFF注入一枚

简要描述： BiWEB最新门户版XFF注入一枚 详细说明： 在wooyun上看到了有人把biweb的shell拿到了： WooYun: BIWEB门户版Getwebshell漏洞 ，也有人提了其他漏洞，我也来找找它的漏洞吧。去官网下BiWEB门户版最新的5.8.3来看看。 看看用户登录处是怎么处理的。BiWEB首先对GET和POST进行了过滤，/config/filtrate.inc.php 这里就先不说这种过滤的脑残之处了。 继续往下看，判断用户是否可以正常登录的文件/user/login.php。 无关代码 if!empty$POST if...

BiWEB最新商城版XFF注入一枚

简要描述： BiWEB最新商城版XFF注入一枚 详细说明： 在wooyun上看到了有人提了BiWEB的一个XSS漏洞： WooYun: BIWEB商城版XSS盲打cookie ，也有人提了SQL注入，我也来找找它的漏洞吧。去官网下BiWEB商城版最新的5.8.4来看看。 看看用户登录处是怎么处理的。BiWEB首先对GET和POST进行了过滤，/config/filtrate.inc.php 这里就先不说这种过滤的脑残之处了。 继续往下看，判断用户是否可以正常登录的文件/user/login.php。 无关代码 if!empty$POST if...

BiWEB最新企业版XFF注入一枚

简要描述： BiWEB最新企业版XFF注入一枚 详细说明： 看到pandas提交的BiWEB的漏洞 WooYun: BIWEB企业版多处SQL注入 ，pandas在search.php里找到了几个注入漏洞，我也来凑下热闹。去官网下BiWEB企业版最新的5.8.6来看看。 看看用户登录处是怎么处理的。BiWEB首先对GET和POST进行了过滤，/config/filtrate.inc.php 这里就先不说这种过滤的脑残之处了。 继续往下看，判断用户是否可以正常登录的文件/mcenter/class/mcenter.class.php，若登录成功，则执行下面的代码（测试时请先注册一个用户）。...

PHPYUN multiple SQL injection and rapid positioning disregard 3 6 0 defense-a vulnerability warning-the black bar safety net

Other local estimates are little friends are digging done, we see not often is attention of place In the QQ log in here qqconnect. class. php file We take a look qq landing, will bind the qq of the relevant information: code area function qqbindaction if$GET'usertype'=='1' || $GET'usertype'=='2' ...

PHPSHE B2C 注入第一枚、

简要描述： PHPSHE B2C商城系统 v1.2build 20140519 UTF8 详细说明： 在index.php中 $cachecategoryarr = cache::get'categoryarr'; $cacheclass = cache::get'class'; $cachead = cache::get'ad'; $cachelink = cache::get'link'; $cachepage = cache::get'page'; $webqq = $cachesetting'webqq''settingvalue' ? explode',',...