CVE-2024-5428 SourceCodester Simple Online Bidding System HTTP POST Request save_product cross-site request forgery

A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function saveproduct of the file /admin/index.php?page=manageproduct of the component HTTP POST Request Handler. The manipulation leads to cross-site reque...

CVE-2024-5145

A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The...

CVE-2024-5145

The CVE-2024-5145 entry refers to SourceCodester Vehicle Management System (up to v1.0) with a flaw in the HTTP POST Request Handler, where manipulating the file parameter in /newdriver.php enables unrestricted uploads. Multiple sources confirm remote feasibility and public disclosure of exploits...

CVE-2024-5145 SourceCodester Vehicle Management System HTTP POST Request newdriver.php unrestricted upload

A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The...

CVE-2024-5145 SourceCodester Vehicle Management System HTTP POST Request newdriver.php unrestricted upload

A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The...

CVE-2024-4287

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of ...

CVE-2024-4287 Improper Input Validation in mintplex-labs/anything-llm

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of ...

CVE-2024-4287

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update flow. The flaw occurs when JSON data sent via HTTP POST to /api/workspace/:workspace-slug/update is not properly validated/formatted, allowing the payload to be executed as part of a dat...

SourceCodester Vehicle Management 代码问题漏洞

SourceCodester Vehicle Management is a vehicle management software from SourceCodester, Inc. A code issue exists in the SourceCodester Vehicle Management System up to version 1.0, which is caused by an unknown function in the component HTTP POST Request Handler. that causes unrestricted uploads v...

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

CVE-2024-27453

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface MMI...

CVE-2024-27453

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface MMI...

CVE-2024-27453

Summary: CVE-2024-27453 affects Extreme XOS up to version 22.6.1.4. A read-only user can escalate to root by sending a crafted HTTP POST to the Machine-to-Machine Interface (MMI) Python method. This is a network-accessible vulnerability with no user interaction required. Affected software/area: E...

PT-2024-21906 · Extreme · Extremexos

Name of the Vulnerable Software and Affected Versions: Extreme XOS versions 22.6.1.4 and earlier Description: A read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface MMI. Recommendations: For Extreme XOS versions...

CVE-2024-27453

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface MMI...

Authorization Bypass

Wagtail is vulnerable to Authorization Bypass. The vulnerability is due to inadequate checks in the ModelViewSet and wagtail.contrib.settings modules, allowing users with general edit permissions to update fields they are otherwise restricted from accessing via crafted HTTP POST requests...

CVE-2024-32882 Permission check bypass when editing a model with per-field restrictions in wagtail

Wagtail is an open source content management system built on Django. In affected versions if a model has been made available for editing through the wagtail.contrib.settings module or ModelViewSet, and the permission argument on FieldPanel has been used to further restrict access to one or more...

Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`

Impact If a model has been made available for editing through the wagtail.contrib.settings module or ModelViewSet, and the permission argument on FieldPanel has been used to further restrict access to one or more fields of the model, a user with edit permission over the model but not the specific...

[SECURITY] Fedora 39 Update: curl-8.2.1-5.fc39

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

Gambio Online Webshop 4.9.2.0 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gambio Online Webshop unauthenticated PHP Deserialization Vulnerability', 'Description' = %q A Remote Code Execution vulnerability in Gambio onli...