1518 matches found
AdaptCMS SQL Injection vulnerability
SQL injection vulnerability in the "Check User" feature includes/checkuser.php in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter...
Django Arbitrary Code Execution
bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a 1 .po or 2 .mo file...
Django Improper Access Control
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user...
Django vulnerable to Denial of Service via i18n middleware component
The internationalization i18n framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USEI18N option and the i18n component are enabled, allows remote attackers to cause a denial of service memory consumption via many HTTP requests with large...
Django Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in actionview...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ACS Commons version 5.1.x and earlier suffers from a Reflected Cross-site Scripting XSS vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitised. An attacker must provide a link to...
Out-of-bounds Write
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB in gif2rgb.c:298:45...
Relative Path Traversal in afire serve_static
This vulnerability effects the built-in afire servestatic extension allowing paths containing //.... to bypass the previous path sanitation and request files in higher directories that should not be accessible...
Cross site scripting in actionpack Rubygem
A cross-site scripting vulnerability flaw was found in the autolink function in Rails before version 3.0.6...
Cross-Site Request Forgery (CSRF)
cobbler: Web interface lacks CSRF protection when using Django framework...
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality...
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option...
Improper Authentication
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 is vulnerable to an improper authentication issue when role-based access control RBAC is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name CN which matches a valid RBAC username, a remote...
Unrestricted Upload of File with Dangerous Type
A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'...
Insecure temporary file usage in SWHKD
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service...
Unsafe parsing in SWHKD
SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service memory exhaustion upon an attempt to parse a large or infinite file such as a block or character device...
Access control bypass in Beego
An issue was discovered in the route lookup process in beego through 2.0.1, allows attackers to bypass access control...
Improper Link Resolution Before File Access ('Link Following')
An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally...
Access control bypass
An issue was discovered in the route lookup process in beego through 2.0.1, allows attackers to bypass access control...
Improper Link Resolution Before File Access ('Link Following')
An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally...
Improper Link Resolution Before File Access ('Link Following')
An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally...
Improper Link Resolution Before File Access ('Link Following')
An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally...
Access control bypass
An issue was discovered in the route lookup process in beego through 2.0.1, allows attackers to bypass access control...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The package github.com/masterminds/vcs before 1.13.3 is vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection...
Insecure Temporary File in SWHKD
SWHKD is a display protocol-independent hotkey daemon made in Rust. In SWHKD versions 1.1.5 and prior, SWHKD uses the /tmp/swhkd.pid pathname. As /tmp is accessible to all users, there can be an information leak or denial of service. No known workarounds exist. A patch is available on the 1.1.0...
Data Loss/Denial of Service in SWHKD
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. A patch is available on the 1.1.0 branch of the repository...
Server-Side Request Forgery (SSRF)
C1 CMS is an open-source, .NET based Content Management System CMS. Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery SSRF by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also...
Unrestricted Upload of File with Dangerous Type
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6...
Cross-Site Request Forgery (CSRF)
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts...
Gitea Open Redirect
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5...
Improper Access Control
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's...
URL Redirection to Untrusted Site ('Open Redirect')
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known...
Exposure of Sensitive Information to an Unauthorized Actor
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 is vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting with 0.8.0 and 0.5....
Improper Access Control
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository acces...
Insufficient Session Expiration
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9...
Use of a Broken or Risky Cryptographic Algorithm
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey...
Use of a Broken or Risky Cryptographic Algorithm
golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey...
Deserialization of Untrusted Data
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, aka, not following t...
Deserialization of Untrusted Data
Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...
Server-Side Request Forgery (SSRF)
In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run...
Path Traversal in Gitea
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting XSS code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loaded outside of the...
SSRF in repository migration
Impact The malicious user is able to discover services in the internal network through repository migration functionality. All installations accepting public traffic are affected. Patches Internal network CIDRs are prohibited to be used as repository migration targets. Users should upgrade to...
Improper Authorization in Gogs
Impact Expired PAM accounts and accounts with expired passwords are continued to be seen as valid. Installations use PAM as authentication sources are affected. Patches Expired PAM accounts and accounts with expired passwords are no longer being seen as valid. Users should upgrade to 0.12.5 or th...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Alist v2.1.0 and below was discovered to contain a cross-site scripting XSS vulnerability via /i/:data/ipa.plist...
Hard coded credentials in FreeTAKServer
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...