3632 matches found
CVE-2024-8925 Erroneous parsing of multipart form data
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to...
CVE-2024-8925
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to...
CVE-2024-43365
Cacti is an open source performance and fault management framework. Theconsolenewsection parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in index.php, finally leading t...
CVE-2024-43364 Stored Cross-site Scripting (XSS) when creating external links in Cacti
Cacti is an open source performance and fault management framework. The title parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users wit...
CVE-2024-43364 Stored Cross-site Scripting (XSS) when creating external links in Cacti
Cacti is an open source performance and fault management framework. The title parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users wit...
CVE-2024-43362 Stored Cross-site Scripting (XSS) when creating external links in Cacti
Cacti is an open source performance and fault management framework. The fileurl parameter is not properly sanitized when saving external links in links.php . Morever, the said fileurl is placed in some html code which is passed to the print function in link.php and index.php, finally leading to...
CVE-2024-43362
Cacti is an open source performance and fault management framework. The fileurl parameter is not properly sanitized when saving external links in links.php . Morever, the said fileurl is placed in some html code which is passed to the print function in link.php and index.php, finally leading to...
Regular Expression Denial Of Service (ReDoS)
langflow is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to improper handling of the remainingtext argument in the HTTP POST Request Handler, allowing an attacker to exploit the inefficient regular expression patterns and causes excessive resource consumption...
ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution
ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management a...
Gambio Online Webshop 4.9.2.0 Code Injection
============================================================================================================================================= | Title : Gambio Online Webshop 4.9.2.0 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution
ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management an...
ABB Cylon Aspect 3.08.01 caldavUtil.php Remote Code Execution
ABB Cylon Aspect 3.08.01 caldavUtil.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...
ABB Cylon Aspect 3.08.01 (caldavUtil.php) Remote Code Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated OS command...
CVE-2024-47850
A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added. Mitigation See the security bulletin for a detailed...
CVE-2024-9513
A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument...
CVE-2024-9513 Netadmin Software NetAdmin IAM HTTP POST Request ReturnUserQuestionsFilled information exposure
A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument...
CVE-2024-9513 Netadmin Software NetAdmin IAM HTTP POST Request ReturnUserQuestionsFilled information exposure
A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument...
CVE-2024-9513
NetAdmin IAM (Netadmin Software) up to version 3.5 has a vulnerability in the HTTP POST Request Handler at /controller/api/Answer/ReturnUserQuestionsFilled. The issue arises from improper manipulation of the username parameter, causing information exposure via discrepancy. Impact is limited to co...
Exploit for CVE-2024-9441
Nortek Linear eMerge E3 Pre-Auth RCE PoC CVE-2024-9441...
cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack
A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added...