Lucene search

1746 matches found

OSV
added 2025/01/09 7:15 a.m. | 1 views

CVE-2025-0339

A vulnerability classified as problematic has been found in code-projects Online Bike Rental 1.0. Affected is an unknown function of the file /vehical-details.php of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotel...

CVSS 6.1 | AI score 3.9
Exploits: 0 | References: 4

Cvelist
added 2025/01/09 7:0 a.m. | 17 views

CVE-2025-0339 code-projects Online Bike Rental HTTP GET Request vehical-details.php cross site scripting

A vulnerability classified as problematic has been found in code-projects Online Bike Rental 1.0. Affected is an unknown function of the file /vehical-details.php of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotel...

CVSS 5.3 | EPSS 0.00127
Exploits: 1 | References: 4

Vulnrichment
added 2025/01/09 7:0 a.m. | 9 views

CVE-2025-0339 code-projects Online Bike Rental HTTP GET Request vehical-details.php cross site scripting

A vulnerability classified as problematic has been found in code-projects Online Bike Rental 1.0. Affected is an unknown function of the file /vehical-details.php of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotel...

CVSS 5.3 | AI score 6.3 | EPSS 0.00127
Exploits: 1 | References: 4

CVE
added 2025/01/09 7:0 a.m. | 55 views

CVE-2025-0339

CVE-2025-0339 affects code-projects Online Bike Rental 1.0. The vulnerability is in an unknown function of the HTTP GET Request Handler, specifically the file /vehical-details.php. Manipulation leads to cross-site scripting and is described as remotely exploitable. The connected sources confirm t...

CVSS 6.1 | AI score 3.9 | EPSS 0.00127
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2025/01/06 5:15 p.m. | 5 views

CVE-2023-6605

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs...

CVSS 7.2 | AI score 6.5
Exploits: 0 | References: 2

NVD
added 2025/01/06 5:15 p.m. | 10 views

CVE-2023-6605

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs...

CVSS 7.2 | EPSS 0.00126
Exploits: 0 | References: 2

Cvelist
added 2025/01/06 4:42 p.m. | 17 views

CVE-2023-6605 Ffmpeg: dash playlist ssrf vulnerability in ffmpeg

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs...

CVSS 7.2 | EPSS 0.00126
Exploits: 0 | References: 1

Veracode
added 2024/12/27 4:41 a.m. | 7 views

Unauthorized Source Code Disclosure

astro is vulnerable to unauthorized source code disclosure. The vulnerability is due to the inclusion of sourcemap files in publicly accessible folders during the build process, allowing unauthenticated users to access server source code via HTTP GET requests...

CVSS 7.8 | AI score 6.9 | EPSS 0.12274
Exploits: 1 | References: 8 | Affected Software: 1

NVD
added 2024/12/10 8:15 a.m. | 15 views

CVE-2024-28138

An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msgevents.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized...

CVSS 7.3 | EPSS 0.01023
Exploits: 0 | References: 3

Cvelist
added 2024/12/10 7:35 a.m. | 31 views

CVE-2024-28138 OS Command Injection

An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msgevents.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized...

EPSS 0.01023
Exploits: 0 | References: 2

OSV
added 2024/12/09 5:15 p.m. | 1 views

CVE-2024-45760

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 1

CVE
added 2024/12/09 4:17 p.m. | 76 views

CVE-2024-45760

Dell OpenManage Server Administrator (Dell OMSA) — affected: version 11.0.1.0 and prior. Vulnerability: improper access control allowing a remote, low-privilege user to perform unauthorized actions with elevated privileges via HTTP GET. Impact per sources: potential elevation of privilege; no exp...

CVSS 8.8 | AI score 7 | EPSS 0.00536
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/12/03 2:15 a.m. | 18 views

CVE-2024-9197

A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50ABPM.9.2C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web...

CVSS 4.9 | EPSS 0.00386
Exploits: 0 | References: 1

Cvelist
added 2024/12/03 1:24 a.m. | 23 views

CVE-2024-9197

A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50ABPM.9.2C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web...

CVSS 4.9 | EPSS 0.00386
Exploits: 0 | References: 1

Cvelist
added 2024/11/18 8:45 a.m. | 21 views

CVE-2024-45791 Apache HertzBeat: Exposure sensitive token via http GET method with query string

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue...

EPSS 0.00325
Exploits: 0 | References: 2

Vulnrichment
added 2024/11/18 8:45 a.m. | 11 views

CVE-2024-45791 Apache HertzBeat: Exposure sensitive token via http GET method with query string

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue...

AI score 7.1 | EPSS 0.00325
Exploits: 0 | References: 2

GithubExploit
added 2024/11/16 4:32 p.m. | 400 views

Exploit for Improper Neutralization in Dlink Dns-320_Firmware

CVE-2024-10914 - D-Link Remote Code Execution RCE Exploit T...

CVSS 9.8 | AI score 8.9 | EPSS 0.93611
Exploits: 11

BDU FSTEC
added 2024/11/15 12:0 a.m. | 2 views

A vulnerability in the firmware of D-Link DSL-2640U and DSL-2540U routers stems from a failure to neutralize special elements used in operating system commands, allowing attackers to execute arbitrary commands.

A vulnerability in the firmware of D-Link DSL-2640U and DSL-2540U routers stems from a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands using metacharacters within the...

CVSS 9 | AI score 8 | EPSS 0.02894
Exploits: 1 | References: 3

BDU FSTEC
added 2024/11/08 12:0 a.m. | 2 views

A vulnerability in the cgi_user_add function of the CGI script /cgi-bin/account_mgr.cgi?cmd=cgi_user_add allows an attacker to execute arbitrary commands. It affects the firmware of D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L devices.

A vulnerability in the cgi_user_add function of the CGI script /cgi-bin/account_mgr.cgi?cmd=cgi_user_add in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L devices stems from a failure to neutralize special elements used in an operating system command. Exploiting this...

CVSS 8.1 | AI score 8.1 | EPSS 0.93611
Exploits: 11 | References: 7 | Affected Software: 4

NVD
added 2024/11/06 3:15 p.m. | 12 views

CVE-2024-10916

A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiat...

CVSS 6.9 | EPSS 0.01061
Exploits: 1 | References: 5