1380 matches found
Zyxel VMG3625-T50B Security Vulnerability
The Zyxel VMG3625-T50B is a WiFi device from China's Heqin Technology Zyxel. A security vulnerability exists in the Zyxel VMG3625-T50B V5.50ABPM.8C0 firmware version: a CGI program contains a buffer overflow that could allow an authenticated, remote attack...
The vulnerability in the FortiOS operating system’s web administration interface allows a hacker to trigger a service failure.
The vulnerability in the FortiOS operating system’s web administration interface is related to deficiencies in handling exceptional states. Exploiting this vulnerability allows a malicious actor to cause service failures by sending specially crafted HTTP requests...
Fortinet FortiOS Denial of Service Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. A denial of service vulnerability...
CVE-2023-46714
A stack-based buffer overflow (CWE-121) vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPS requests...
CVE-2024-26007
Fortinet FortiOS 7.4.1 is affected by CVE-2024-26007 due to an improper check/handling of exceptional conditions (CWE-703), enabling an unauthenticated attacker to cause a denial of service on the administrative interface via crafted HTTP requests. Mitigations/updates are available; Fortinet advi...
CVE-2024-26007
An improper check or handling of exceptional conditions vulnerability (CWE-703) in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests...
GO-2024-2822 Arbitrary code execution in github.com/tiagorlampert/CHAOS
A remote attacker can execute arbitrary commands via crafted HTTP requests...
CVE-2024-27453
In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI)...
CVE-2024-0840
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
CVE-2024-0840
CVE-2024-0840 affects Grandstream UCM Series IP PBX firmware versions prior to 1.0.20.52 (UCM6202/6204/6208/6510). A parameter injection vulnerability in the HTTP interface allows a remote, authenticated attacker to execute arbitrary code by sending a crafted HTTP request; authentication may be possible ...
Improper Access Control
Mattermost Server is vulnerable to Improper Access Control. The vulnerability is due to incomplete validation of role changes within team.go, allowing an attacker authenticated as a team admin to promote guests to team admins through crafted HTTP requests...
Improper Access Control
Mattermost Server is vulnerable to Improper Access Control. The vulnerability is due to improper validation when updating team member roles, allowing users with certain administrative privileges to demote other users to guest status through crafted HTTP requests...
CVE-2024-32394
An issue in ruijie.com/cn RG-RSR10-01G-TWA-S RSR3.01B9P2RSR10-01G-TW-S07150910 and RG-RSR10-01G-TWA-S RSR3.01B9P2RSR10-01G-TW-S07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request...
CVE-2024-32394
CVE-2024-32394 affects Ruijie RG-RSR10-01G-T(WA)-S devices (RSR 3.0(1)B9P2 and RSR10-01G-TW-S 07150910). The issue permits remote code execution via a crafted HTTP request, with CVSSv3.1 metrics indicating adjacent access, no privileges required, and user interaction not needed; impact is High on...
The vulnerability of the Radio Scheduling function in wireless access points TP-Link AC1350 and TP-Link N300 allows a hacker to execute arbitrary code.
The vulnerability of the Radio Scheduling function in TP-Link AC1350 and TP-Link N300 wireless access points is related to the execution of operations outside the buffer during the processing of the profile parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary cod...
CVE-2024-1601 SQL Injection in parisneo/lollms-webui
An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...
CVE-2024-31487
Fortinet FortiSandbox suffers a path-traversal information-disclosure vulnerability (CVE-2024-31487) affecting FortiSandbox versions 2.4.0–2.4.1, 2.5.0–2.5.2, 3.0.0–3.0.7, 3.1.0–3.1.5, 3.2.0–3.2.4, 4.0.0–4.0.5, 4.2.0–4.2.6, and 4.4.0–4.4.4, allowing an attacker to disclose information via crafted...
CVE-2024-31487
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions,...