halo vulnerabilities and exploits

4.3
CVSSv2
CVE-2018-11012

ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java....

3.5
CVSSv2
CVE-2019-16890

Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments....

4.3
CVSSv2
CVE-2018-11011

ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java....

6.5
CVSSv2
CVE-2019-19999

Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration....

5
CVSSv2
CVE-2005-1741

Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to cause a denial of service (infinite loop) via malformed data....

5
CVSSv2
CVE-2004-1667

Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response....

5
CVSSv2
CVE-2004-1539

Halo: Combat Evolved 1.05 and earlier allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference....

4.3
CVSSv2
CVE-2019-5625

The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the...

5
CVSSv2
CVE-2004-0349

Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. (dot dot) in the URL....

GwebGweb Http Server