Download
| Alert*
|
CVE-2016-3063
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. CVE-2016-2568 pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. CVE-2009-4267 The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter. CVE-2014-9938 contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. CVE-2013-2011 WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009. CVE-2013-4547 nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. CVE-2021-20405 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183. CVE-2021-20844 Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive inf ... CVE-2021-22254 Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9. CVE-2021-23205 Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.3 ... CVE-2021-29872 IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOS ... CVE-2021-28940 Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS ... CVE-2021-32679 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to ... CVE-2021-32796 xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes durin ... CVE-2021-32067 The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization. CVE-2021-32072 The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods. CVE-2021-33672 Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the atta ... CVE-2021-38751 A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM. CVE-2021-39367 Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. CVE-2021-41191 Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website. ... CVE-2021-40007 There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device may lead to information disclosure. CVE-2021-43410 Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal [1] https://github.com/apache/a ... CVE-2021-42250 Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs. CVE-2021-43106 A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25.The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the req ... CVE-2017-12064 The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name. CVE-2017-12340 A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash sh ... CVE-2017-18892 An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized. CVE-2017-8303 An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter. CVE-2020-10960 In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler ... CVE-2020-13625 PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. CVE-2020-13654 XWiki Platform before 12.8 mishandles escaping in the property displayer. CVE-2020-16281 The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible. CVE-2020-24972 The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL. CVE-2020-24849 A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-1731 ... CVE-2020-25646 A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality CVE-2020-24592 Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization. CVE-2020-26226 In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a UR ... CVE-2020-27604 BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can (for example) use api/join to join an arbitrary meeting regardl ... CVE-2020-26283 go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, mali ... CVE-2020-29023 Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all ... CVE-2020-28954 web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. CVE-2020-35475 In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column ... CVE-2020-4850 IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote attacker to obtain sensitive information, caused by the leftover files after configuration. IBM X-Force ID: 190298. CVE-2018-15494 In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. CVE-2018-16386 An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error m ... CVE-2018-18838 An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry. CVE-2018-2389 Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file. CVE-2018-20586 bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call. CVE-2018-8609 A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dyna ... CVE-2018-9246 The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerabil ... CVE-2018-8920 Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. CVE-2019-0956 An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'. CVE-2019-10362 Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables. CVE-2019-10249 All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised. CVE-2019-0971 An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'. CVE-2019-0857 A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'. CVE-2019-11325 An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter. CVE-2019-12674 Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insuff ... CVE-2019-12675 Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insuff ... CVE-2019-11268 Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups ... CVE-2019-15944 In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message. CVE-2019-19714 Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered. CVE-2019-1968 A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could expl ... CVE-2019-4326 "HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header." CVE-2019-9853 LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in th ... CVE-2020-14330 An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri mod ... CVE-2021-20333 Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21 and MongoDB Server v4.2 versions prior to 4.2.10. CVE-2022-25235 xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. CVE-2021-28662 An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic. CVE-2021-31806 An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. CVE-2019-11717 A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. CVE-2020-26116 http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. |
