3632 matches found
Command injection
A command injection vulnerability in the “showzysyncservercontents” function of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request...
CVE-2023-35138
A command injection vulnerability in the “showzysyncservercontents” function of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request...
SQL injection
A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajaxblurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to SQL injection. Th...
CVE-2007-10003
The CVE-2007-10003 entry concerns The Hackers Diet Plugin for WordPress (up to version 0.9.6b). The vulnerability affects the ajax_blurb.php component of the HTTP POST Request Handler, where manipulation of the user parameter leads to SQL injection. Remote exploitation is possible. Remediation is...
[SECURITY] Fedora 37 Update: curl-7.85.0-12.fc37
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2023-45228
The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters...
CVE-2023-41966
The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending an HTTP POST to set a parameter...
Privilege escalation
The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending an HTTP POST to set a parameter...
Improper access control
The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters...
CVE-2023-41966 Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions
The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending an HTTP POST to set a parameter...
CVE-2023-41966
Summary of CVE-2023-41966 (Sielco hardware): Privilege escalation in Sielco Analog FM Transmitters and Radio Link devices via HTTP POST that sets a parameter, enabling a user with read permissions to elevate privileges (Write/Admin). Affected versions span multiple revisions including 2.12 EXC500...
CVE-2023-45228 Sielco Radio Link and Analog FM Transmitters Improper Access Control
The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters...
CVE-2023-45228
CVE-2023-45228 concerns improper access control in Sielco Analog FM Transmitters/Radio Link devices. A user with read permissions can manipulate users, passwords and permissions by sending a single HTTP POST with modified parameters, potentially escalating privileges or altering admin credentials...
PT-2023-28196 · Sielco · Analog Fm Transmitter +12
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The application suffers from a privilege escalation issue. A user with read permissions can elevate privileges by sending an HTTP POST to set a parameter...
PT-2023-29464 · Sielco · Analog Fm Transmitter +12
Name of the Vulnerable Software and Affected Versions: Application affected versions not specified Description: The application has an issue with improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST...
Path Traversal
github.com/arduino/arduino-create-agent is vulnerable to Directory Traversal. When the attacker has access to the localhost interface, they can send a specially crafted HTTP POST request to the /v2/pkgs/tools/installed endpoint, specifying the path of the file or folder that they want to delete...
CVE-2023-43802
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...
CVE-2023-43800 Insufficient Verification of Data Authenticity in Arduino Create Agent
Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those ...