1380 matches found
CVE-2022-32778
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...
CVE-2022-29468
A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability...
Cisco Secure Web Appliance < 14.5.0-537 Privilege Escalation (cisco-sa-wsa-prv-esc-8PdRU8t8)
According to its self-reported version, Cisco Web Security Appliance (WSA) is affected by a privilege escalation vulnerability. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An authenticated, remote attacker could exploit this vulnerability to...
CVE-2022-2335
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-35147
DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request...
CVE-2022-2337
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22...
Cross site request forgery (csrf)
DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request...
Design/Logic Flaw
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-35147
DoraCMS v2.18 and earlier has an authentication bypass vulnerability (CVE-2022-35147). The issue allows an attacker to bypass login via a crafted HTTP request, enabling unauthorized access. Affected software is DoraCMS, versions up to 2.18; root cause involves bypassing authentication logic. Impa...
CVE-2022-2337 Softing Secure Integration Server NULL Pointer Dereference
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-1069 Softing Secure Integration Server Out-of-bounds Read
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-2335 Softing Secure Integration Server Integer Underflow
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-2547 Softing Secure Integration Server NULL Pointer Dereference
A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-20914 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...
CVE-2022-26376
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.38648706 and Asuswrt-Merlin New Gen prior to 386.7. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...
CVE-2022-27484
An unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request...
Design/Logic Flaw
An unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request...
The vulnerability in the web interface of Cisco Small Business RV110W Wireless-N VPN Firewall, Cisco Small Business RV130 Series VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router allows a perpetrator to execute arbitrary code.
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV110W Wireless-N VPN Firewalls, Cisco Small Business RV130 Series VPN Routers, RV130W Wireless-N Multifunction VPN Routers, and RV215W Wireless-N VPN Routers arises from an operation that...