Vulmon
slashes vulnerabilities and exploits
5.4
CVSSv3
CVE-2021-23384
The package koa-remove-trailing-slashes prior to 2.0.2 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::removeTrailingSlas...
Koa-remove-trailing-slashes Project Koa-remove-trailing-slashes
NA
CVE-2014-2689
Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to installer/index.php.
Slashes&dots Offria
7.5
CVSSv3
CVE-2019-10184
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
Redhat Undertow
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform -
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Openshift Application Runtimes -
Redhat Openshift Application Runtimes 1.0
Redhat Single Sign-on -
Redhat Single Sign-on 7.0
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
Redhat Single Sign-on 7.3
Netapp Active Iq Unified Manager -
1 Github repository
6.1
CVSSv3
CVE-2021-23435
This affects the package clearance prior to 2.5.0. The vulnerability is possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external...
Thoughtbot Clearance
7.5
CVSSv3
CVE-2018-16479
Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.
Http-live-simulator Project Http-live-simulator
NA
CVE-2003-1160
FlexWATCH Network video server 132 allows remote malicious users to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//).
Seyeon Flexwatch Network Video Server 2.2
Seyeon Flexwatch Network Video Server Model 132
1 EDB exploit
NA
CVE-2004-1939
Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote malicious users to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.
Rhinosoft Zaep Antispam 2.0
Rhinosoft Zaep Antispam 2.0 .0.1
1 EDB exploit
NA
CVE-2002-0124
MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote malicious users to exploit directory traversal vulnerability via a ../ (dot dot) containing URL-encoded slashes in the HTTP request.
Mdg Computer Services Web Server 4d Ecommerce 3.5.3
5.3
CVSSv3
CVE-2021-3531
A flaw was found in the Red Hat Ceph Storage RGW in versions prior to 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
Redhat Ceph Storage 4.0
Redhat Ceph
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7.5
CVSSv3
CVE-2018-16493
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.
Static-resource-server Project Static-resource-server 1.7.2