An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error messages.
An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.
An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'.
An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'.
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'.
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365.
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.
It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.
A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain functions of the Python scripting sandbox of the affected system. An attacker could exploit this vulnerability to escape the scripting sandbox and enter the Bash shell of the operating system with the privileges of the authenticated user for the affected system. To exploit this vulnerability, the attacker must have local access to the affected system and be authenticated to the affected system with administrative or Python execution privileges. Cisco Bug IDs: CSCvd86513.
The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name.
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.