An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands.
Source link
[Bug 1839865] CVE-2019-20798 cherokee: XSS in the administrator panel
RELATED STORIES
A vulnerability classified as problematic was found in CologneBlue Skin up to 1.35 on MediaWiki....
GitHub fixes ‘high severity’ security flaw spotted by Google. Two weeks after Google disclosed a...
[*] # Exploit Title: Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection # Date: 13/09/2020...
An update that fixes three vulnerabilities is now available. SUSE Security Update: Security update for...
The Odyssey Team updated its iOS 13-centric Odyssey jailbreak tool at the crack of dawn...
Drupal是使用PHP语言编写的开源内容管理框架。 近日 Drupal官方发布安全更新,修复了 CVE-2020-13671 Drupal 远程代码执行漏洞。由于Drupal core 没有正确地处理上传文件中的某些文件名,攻击者通过上传恶意文件,在某些特定的配置下可能会被当作 php 解析,从而导致远程代码执行。Drupal 用户应尽快采取安全措施阻止漏洞攻击。 影响范围 Drupal 9.0.8; Drupal...
Risk High Patch available YES Number of vulnerabilities 9 CVE ID CVE-2020-7550CVE-2020-7551CVE-2020-7552CVE-2020-7553CVE-2020-7554CVE-2020-7555CVE-2020-7556CVE-2020-7557CVE-2020-7558 CWE ID CWE-119CWE-787CWE-125...
Η Microsoft εργάζεται για τη διόρθωση ενός σφάλματος στο update KB4586786 που κυκλοφόρησε την προηγούμενη...
0x00简介 Solr 是一个开源的企业级搜索服务器,底层使用易于扩展和修改的Java 来实现。服务器通信使用标准的HTTP 和XML,所以如果使用Solr 了解Java 技术会有用却不是必须的要求。 Solr 主要特性有:强大的全文检索功能,高亮显示检索结果,动态集群,数据库接口和电子文档(Word ,PDF 等)的处理。而且Solr 具有高度的可扩展,支持分布搜索和索引的复制。 0x01漏洞概述 Apache Solr...
V8: Turbofan fails to deoptimize code after map deprecation, leading to type confusion
NOTE:...
You must be logged in to post a comment.