3632 matches found

RedHat Linux
added 2024/10/01 6:35 p.m. | 4 views

cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack

A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added...

CVSS 7.5 | AI score 5.8 | EPSS 0.00859
Exploits: 0 | References: 7

Packet Storm
added 2024/09/30 12:0 a.m. | 193 views

Simple Responsive Tourism Website 1.0 Cross Site Request Forgery

Title: Simple Responsive Tourism Website v1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

AI score 7.4
Exploits: 0

GithubExploit
added 2024/09/29 8:20 a.m. | 104 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

EN Is a Proof of Concept PoC script to check for vulnerabil...

CVSS 8.6 | AI score 7.2 | EPSS 0.99978
Exploits: 52

GithubExploit
added 2024/09/29 8:20 a.m. | 331 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

EN Is a Proof of Concept PoC script to check for vulnerabil...

CVSS 8.6 | AI score 8.9 | EPSS 0.99978
Exploits: 52

OSV
added 2024/09/27 12:31 p.m. | 11 views

GHSA-355V-2RJX-FPX7 Inefficient Regular Expression Complexity in langflow

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

CVSS 5.1 | AI score 3.9 | EPSS 0.00896
Exploits: 1 | References: 7

Github Security Blog
added 2024/09/27 12:31 p.m. | 17 views

Inefficient Regular Expression Complexity in langflow

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

CVSS 6.5 | AI score 6.7 | EPSS 0.00896
Exploits: 1 | References: 7 | Affected Software: 1

OSV
added 2024/09/27 11:15 a.m. | 5 views

CVE-2024-9277

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

CVSS 6.5 | AI score 5
Exploits: 0 | References: 4

NVD
added 2024/09/27 11:15 a.m. | 20 views

CVE-2024-9277

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

CVSS 6.5 | EPSS 0.00896
Exploits: 1 | References: 4

Vulnrichment
added 2024/09/27 11:0 a.m. | 12 views

CVE-2024-9277 Langflow HTTP POST Request utils.py redos

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

CVSS 5.1 | AI score 6.8 | EPSS 0.00896
Exploits: 1 | References: 4

CVE
added 2024/09/27 11:0 a.m. | 52 views

CVE-2024-9277

Langflow

CVSS 6.5 | AI score 3.9 | EPSS 0.00896
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2024/09/27 11:0 a.m. | 17 views

CVE-2024-9277 Langflow HTTP POST Request utils.py redos

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

CVSS 5.1 | EPSS 0.00896
Exploits: 1 | References: 4

RedHat Linux
added 2024/09/12 3:5 p.m. | 3 views

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

CVSS 5.3 | AI score 7.2 | EPSS 0.0138
Exploits: 1 | References: 8

NVD
added 2024/09/10 2:15 a.m. | 53 views

CVE-2024-6342

UNSUPPORTED WHEN ASSIGNED: A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a...

CVSS 9.8 | EPSS 0.02064
Exploits: 0 | References: 1

CVE
added 2024/09/10 1:55 a.m. | 99 views

CVE-2024-6342

CVE-2024-6342 affects Zyxel NAS326 and NAS542 devices. The issue lies in the export-cgi program, allowing an unauthenticated attacker to execute OS commands via a crafted HTTP POST request. Affected: NAS326 up to firmware V5.21(AAZF.18)C0 and NAS542 up to V5.21(ABAG.15)C0. Root cause: command inj...

CVSS 9.8 | AI score 8.2 | EPSS 0.02064
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/09/10 1:55 a.m. | 48 views

CVE-2024-6342

UNSUPPORTED WHEN ASSIGNED: A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a...

CVSS 9.8 | EPSS 0.02064
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/10 1:55 a.m. | 16 views

CVE-2024-6342

UNSUPPORTED WHEN ASSIGNED: A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a...

CVSS 9.8 | AI score 8.2 | EPSS 0.02064
Exploits: 0 | References: 1

NVD
added 2024/08/26 4:15 p.m. | 6 views

CVE-2024-34087

An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request...

CVSS 9.8 | EPSS 0.01189
Exploits: 0 | References: 4

CVE
added 2024/08/26 12:0 a.m. | 46 views

CVE-2024-34087

This CVE affects BPQ32 6.0.24.1, identifying an SEH-based buffer overflow in the BPQ32 HTTP Server that enables remote code execution via an HTTP POST /TermInput request when an attacker has Web Terminal access. The Red Hat advisory confirms the vulnerability path and impact. Public sources (PT-S...

CVSS 9.8 | AI score 8.4 | EPSS 0.01189
Exploits: 0 | References: 4

Vulnrichment
added 2024/08/26 12:0 a.m. | 12 views

CVE-2024-34087

An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request...

AI score 8.6 | EPSS 0.01189
Exploits: 0 | References: 4

Cvelist
added 2024/08/24 8:0 p.m. | 36 views

CVE-2024-8134 D-Link DNS-1550-04 HTTP POST Request hd_config.cgi cgi_FMT_Std2R5_1st_DiskMGR command injection

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue...

CVSS 6.5 | EPSS 0.07945
Exploits: 1 | References: 6