Osprey Pump Controller 1.0.1 userName Command Injection Vulnerability

Osprey Pump Controller 1.0.1 userName Blind Command Injection Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mira...

K85307687: cURL and libcurl vulnerabilities CVE-2014-3613, CVE-2014-3707, and CVE-2014-8150

Security Advisory Description CVE-2014-3613 cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site...

[SECURITY] Fedora 37 Update: curl-7.85.0-6.fc37

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVE-2022-38375

An improper authorization vulnerability CWE-285 in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...

Authorization

An improper authorization vulnerability CWE-285 in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...

CVE-2022-38375

An improper authorization vulnerability CWE-285 in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...

CVE-2022-38375

An improper authorization vulnerability CWE-285 in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...

FortiNAC - Unauthenticated access to administrative operations

An improper authorization vulnerability CWE-285 in FortiNAC may allow an unauthenticated attacker to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...

CVE-2022-45725

Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request...

Input validation

Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request...

CVE-2022-45725

CVE-2022-45725 affects Comfast CF-WR6110N router (firmware version 2.3.1). The issue is improper input validation that could allow a remote, adjacent-network attacker to execute arbitrary code via HTTP POST requests. Exploitation details (payloads, specific endpoints, affected firmware variants b...

CVE-2023-0686

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function updatecart of the file /oews/classes/Master.php?f=updatecart of the component HTTP POST Request Handler. The manipulation of the argument cartid leads to sql injectio...

Sql injection

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function updatecart of the file /oews/classes/Master.php?f=updatecart of the component HTTP POST Request Handler. The manipulation of the argument cartid leads to sql injectio...

CVE-2023-0686 SourceCodester Online Eyewear Shop HTTP POST Request update_cart sql injection

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function updatecart of the file /oews/classes/Master.php?f=updatecart of the component HTTP POST Request Handler. The manipulation of the argument cartid leads to sql injectio...

CVE-2023-0686 SourceCodester Online Eyewear Shop HTTP POST Request update_cart sql injection

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function updatecart of the file /oews/classes/Master.php?f=updatecart of the component HTTP POST Request Handler. The manipulation of the argument cartid leads to sql injectio...

CRYPTBOT Information-Stealing Malware Targeting Your Browser and Crypto-Wallet

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CRYPTBOT is malware that steals personal information by gathering browser credentials, cookies, cryptocurrency wallets, and system information. It then compresses the collected data into a zip file and...

4images 1.9 Remote Command Execution Vulnerability

Exploit Title: 4images 1.9 - Remote Command Execution Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Select...

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x dns.php Command Injection

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x dns.php Conditional Command Injection Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco...

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x traceroute.php Conditional Command Injection

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x traceroute.php Conditional Command Injection Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Puls...

VulnCheck KEV: CVE-2022-37061

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow...