3632 matches found
CVE-2024-6950
Prain up to version 1.3.0 is affected by CVE-2024-6950 in the HTTP POST Request Handler’s /?import path. The issue arises from manipulation of the file argument, enabling remote code injection. Exploitation is described as remote and publicly disclosed, with Affected versions up to 1.3.0. The PT-...
CVE-2024-6950 Prain HTTP POST Request ?import code injection
A vulnerability, which was classified as critical, has been found in Prain up to 1.3.0. Affected by this issue is some unknown functionality of the file /?import of the component HTTP POST Request Handler. The manipulation of the argument file leads to code injection. The attack may be launched...
CVE-2024-6807 SourceCodester Student Study Center Desk Management System HTTP POST Request Users.php cross site scripting
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument...
CVE-2024-6807 SourceCodester Student Study Center Desk Management System HTTP POST Request Users.php cross site scripting
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument...
PT-2024-37878 · Sourcecodester · Sourcecodester Student Study Center Desk Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Student Study Center Desk Management System version 1.0 Description: A vulnerability was found in the system, classified as problematic, affecting some unknown functionality of the file /sscdms/classes/Users.php?f=save of the...
netty-codec-http: Allocation of Resources Without Limits or Throttling
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...
CVE-2024-36990
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splun...
CVE-2024-36990 Denial of Service (DoS) on the datamodel/web REST endpoint
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splun...
CVE-2024-36990
Affected software : Splunk Enterprise (versions below 9.2.2, 9.1.5, 9.0.10) and Splunk Cloud Platform below 9.2.2403.100. Vulnerability : An authenticated, low-privileged user without admin/power roles can send a crafted HTTP POST to the datamodel/web REST endpoint, potentially causing a Denial o...
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0710)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0710 advisory. - In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an...
CVE-2024-6269
A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function getip.addrdetails of the file /view/vpn/autovpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. T...
CVE-2024-6269
A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function getip.addrdetails of the file /view/vpn/autovpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. T...
CVE-2024-6269 Ruijie RG-UAC HTTP POST Request sxh_vpnlic.php get_ip.addr_details command injection
A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function getip.addrdetails of the file /view/vpn/autovpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. T...
CVE-2024-6269 Ruijie RG-UAC HTTP POST Request sxh_vpnlic.php get_ip.addr_details command injection
A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function getip.addrdetails of the file /view/vpn/autovpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. T...
CVE-2024-6269
CVE-2024-6269 affects Ruijie RG-UAC 1.0. The vulnerability lives in the HTTP POST handler function get_ip.addr_details in /view/vpn/autovpn/sxh_vpnlic.php, where manipulating the indevice argument enables remote command injection. Public exploit information exists. Affected product behavior and r...
Zyxel NAS Multiple Vulnerabilities
The Zyxel NAS is potentially affected by multiple vulnerabilities. - This command injection vulnerability in the 'setCookie' parameter in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request. CVE-2024-29973 - Th...
CVE-2024-3150
In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint...
CVE-2024-3150
In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint...
CVE-2024-3150 Privilege Escalation in mintplex-labs/anything-llm
In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint...
CVE-2024-3150 Privilege Escalation in mintplex-labs/anything-llm
In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint...