39 matches found
CVE-2026-31166
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi...
CVE-2024-31166
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::HelloElemVersionBitmap::unpack. This issue affects libfluid: 0.1.0...
CVE-2024-31166 Out-of-bounds Read in libfluid_msg library
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::HelloElemVersionBitmap::unpack. This issue affects libfluid: 0.1.0...
CVE-2024-31166
Summary: CVE-2024-31166 is an Out-of-bounds Read in the Open Networking Foundation’s libfluid, specifically the libfluid_msg module. The vulnerability stems from the routine fluid_msg::of13::HelloElemVersionBitmap::unpack and affects libfluid version 0.1.0. Impact (as per CVSS/connected source...
Windows IIS HTTP Protocol Stack Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows IIS HTTP Protocol Stack DOS', 'Description' = %q This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafte...
Schweitzer Engineering Laboratories RTAC Path Traversal (CVE-2023-31166)
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See...
CVE-2023-31166
creationtimestamp | type | source
---|---|---
2023-05-11 00:15:00+00:00 | seen | https://t.me/cibsecurity/63847
2025-01-24 20:04:59+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/3014...
CVE-2023-31166
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See...
CVE-2023-31166 Improper Limitation of a Pathname to a Restricted Directory
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See...
Exploit for Use After Free in Microsoft
Home-Demolisher PoC for CVE-2021-31166 and CVE-2022-21907...
XWiki 11.3.7 < 13.10.4, 14.0 < 14.2 Privilege Escalation Vulnerability (GHSA-g4h6-qp44-wqvx)
Xwiki is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescripti...
CVE-2022-31166
XWiki Platform Old Core (versions 11.3.7, 11.0.3, 12.0RC1) is affected by a privilege-escalation flaw in XWikiRights group resolution. Editing a right with the object editor can insert an empty value into groups, which is resolved as a reference to XWiki.WebHome; adding an XWikiGroup xobject to t...
CVE-2022-31166 XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it is possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation. More specifically, editing a right with the object editor...
VulnCheck KEV: CVE-2021-31166
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution...
Windows IIS HTTP Protocol Stack DOS
This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafted Accept-Encoding headers that was patched by Microsoft in May 2021, on vulnerable IIS servers. Successful exploitation will result in the target computer BSOD'ing before subsequently rebooting. Note that the...
Exploit for Use After Free in Microsoft
CVE-2021-31166 Why I recently wrote an exploit for CVE-20...
Exploit for Use After Free in Microsoft
PoC exploit for CVE-2021-31166, a Windows HTTP protocol stack re...