CVE-2023-24366
An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request...
Design/Logic Flaw
An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request...
CVE-2023-24366
CVE-2023-24366 affects rConfig v6.8.0. The vulnerability is described as an arbitrary file download via a crafted HTTP request, exposing sensitive files and yielding a CONFIDENTIALITY impact: HIGH with no integrity/availability impact. The NVD/CNA entries assign a CVSS v3.1 base score 6.5 (MEDIU...
A vulnerability in the HTTP server of the Micrium real-time operating system allows attackers to execute arbitrary code.
The vulnerability in the HTTP server of the Micrium real-time operating system is related to a buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted HTTP request...
Design/Logic Flaw
An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted HTTP request...
K26314875: Apache vulnerability CVE-2022-26377
Security Advisory Description: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4...
Directory traversal
A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-38715
A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-38459
A stack-based buffer overflow vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-25026
A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...
CVE-2022-28229
The hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers to cause a denial of service via crafted HTTP request, involving collisions...
Design/Logic Flaw
The hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers to cause a denial of service via crafted HTTP request, involving collisions...
CVE-2022-29517
A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability...
A vulnerability in the SetDdns-domain component of the Reolink RLC-410W camera's firmware allows an intruder to execute arbitrary commands.
The vulnerability in the SetDdns-domaind component of the Reolink RLC-410W video camera software exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...
Remote code execution
FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request...
CVE-2022-39833
FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request...