
903 matches found

NVD
added 2021/06/01 2:15 p.m., 14 views

CVE-2021-20576

IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash...

CVSS 7.5, EPSS 0.02476
Exploits: 0, References: 2

Cvelist
added 2021/05/31 2:50 p.m., 15 views

CVE-2021-20576

IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash...

CVSS 7.5, AI score 7.6, EPSS 0.02476
Exploits: 0, References: 2

IBM Security Bulletins
added 2021/05/28 7:22 p.m., 17 views

Security Bulletin: Multiple Security Vulnerabilities have been resolved in IBM Application Gateway (CVE-2021-20576, CVE-2021-20575, CVE-2021-29665)

Summary Multiple Security vulnerabilities have been fixed in the IBM Application Gateway product. Vulnerability Details CVEID: CVE-2021-20576 DESCRIPTION: IBM Application Gateway could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash...

CVSS 9, AI score 0.9, EPSS 0.02476
Exploits: 0, Affected Software: 1

Veracode
added 2021/04/23 2:12 a.m., 17 views

Insecure Session Management

flow-server uses insecure session management. The server session is not invalidated when the logout helper method of the Authentication module is used via an HTTP GET request...

CVSS 7.1, AI score 1.7, EPSS 0.00322
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2021/03/29 12:4 p.m., 18 views

CVE-2021-28936

The Acexy Wireless-N WiFi Repeater REV 1.0 28.08.06.1 Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known default:admin whereas no previous authentication is required...

AI score 7.9, EPSS 0.02602
Exploits: 1, References: 3

0day.today
added 2021/03/19 12:0 a.m., 55 views

KZTech / JatonTec / Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated) Vulnerability

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot Unauthenticated Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page:...

AI score 0.2
Exploits: 0

0day.today
added 2021/03/11 12:0 a.m., 44 views

NuCom 11N Wireless Router 5.07.90 Remote Privilege Escalation Vulnerability

NuCom 11N Wireless Router version 5.07.90 suffers from a remote privilege escalation vulnerability. The non-privileged default user user:user can elevate his/her privileges by sending an HTTP GET request to the configuration backup endpoint and disclose the http super password admin credentials in...

AI score 0.9
Exploits: 0

Packet Storm
added 2021/03/10 12:0 a.m., 240 views

NuCom 11N Wireless Router 5.07.90 Remote Privilege Escalation

NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation Vendor: NUEVAS COMUNICACIONES IBERIA, S.A. Product web page: https://www.nucom.es Affected version: 5.07.90multiNCM01 5.07.89multiNCM01 5.07.72multiNCM01 Summary: The NC routers upgrades your network to the next generation of WiFi. Wi...

AI score 1
Exploits: 0

Packet Storm
added 2021/02/23 12:0 a.m., 807 views

HFS (HTTP File Server) 2.3.x Remote Code Execution

Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 20/02/2021 Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows...

CVSS 7.5, AI score 9.5, EPSS 0.99323
Exploits: 23

CNVD
added 2021/02/09 12:0 a.m., 5 views

sthttpd Denial of Service Vulnerability

sthttpd is an improved version of thttpd, a small, simple, fast and secure HTTP server implementation that supports HTTP/1.1. A denial of service vulnerability exists in sthttpd version 2.27.1 and earlier. The vulnerability is related to a memory error in the handling of the dedotdot function in...

CVSS 7.5, AI score 6.6, EPSS 0.01444
Exploits: 1, References: 1

NVD
added 2021/02/07 9:15 p.m., 7 views

CVE-2021-26843

An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the dedotdot function may cause a Denial-of-Service daemon crash due to overlapping memory ranges being passed to memcpy. This can be triggered with an HTTP GET request for a crafted...

CVSS 7.5, EPSS 0.01444
Exploits: 1, References: 1

Cvelist
added 2021/02/07 8:14 p.m., 8 views

CVE-2021-26843

An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the dedotdot function may cause a Denial-of-Service daemon crash due to overlapping memory ranges being passed to memcpy. This can be triggered with an HTTP GET request for a crafted...

AI score 7.6, EPSS 0.01444
Exploits: 1, References: 1

NVD
added 2021/01/26 6:15 p.m., 14 views

CVE-2020-36200

TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs...

CVSS 6.5, AI score 6.4, EPSS 0.00788
Exploits: 0, References: 1

RedhatCVE
added 2021/01/22 3:4 a.m., 38 views

CVE-2019-25014

An out-of-bounds read flaw was found in istio-pilot. This flaw allows an attacker to send a crafted HTTP GET request to the pilot debug API endpoint. This action causes pilot to panic, resulting in a denial of service to the istio pilot application. The highest threat from this vulnerability is t...

CVSS 6.5, AI score 2, EPSS 0.01422
Exploits: 0, References: 3

Packet Storm
added 2021/01/09 12:0 a.m., 249 views

Backdoor.Win32.Ketch.b Remote Stack Buffer Overflow

Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/9d7be3799594a82bf7056905f501af03.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ketch.b Vulnerability: Remote Stack Buffer Overflow Description: Makes HTTP GET reque...

AI score 0.9
Exploits: 0

CNVD
added 2021/01/08 12:0 a.m., 8 views

IBM Emptoris Strategic Supply Management Platform Information Disclosure Vulnerability

The IBM Emptoris Strategic Supply Management Platform is the public portal to the Emptoris suite of products. An information disclosure vulnerability exists in IBM Emptoris Strategic Supply Management Platform 10.1.0, 10.1.1, and 10.1.3. The vulnerability stems from the product transmitting...

CVSS 5.9, AI score 5.8, EPSS 0.00649
Exploits: 0, References: 1

CNVD
added 2020/11/17 12:0 a.m., 20 views

HorizontCMS File Upload Vulnerability

HorizontCMS is an open source, responsive content management system CMS built on Laravel 6, VueJs 2.6 and Bootstrap 3.4. HorizontCMS 1.0.0-beta is vulnerable to unrestricted file uploads. An attacker can exploit this vulnerability to upload PHP code via zip file and execute PHP files via HTTP GET...

CVSS 9, AI score 1.4, EPSS 0.02498
Exploits: 1, References: 1

Prion
added 2020/11/16 9:15 p.m., 13 views

Unrestricted file upload

An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/...

CVSS 9, AI score 8.6, EPSS 0.02498
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2020/11/16 8:42 p.m., 16 views

CVE-2020-28693

An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/...

AI score 8.7, EPSS 0.02498
Exploits: 1, References: 2

Prion
added 2020/11/05 2:15 a.m., 27 views

Unrestricted file upload

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...

CVSS 6.5, AI score 9.5, EPSS 0.18461
Exploits: 4, References: 4, Affected Software: 1