3632 matches found
CVE-2021-31226
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...
Heap overflow
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...
Heap overflow
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...
CVE-2021-31227
CVE-2021-31227 affects HCC Embedded InterNiche/NicheStack. It is a heap-buffer-overflow in the HTTP POST parsing path (wbs_multidata) caused by an incorrect signed-integer comparison. Exploitation requires sending a malformed HTTP packet with a negative Content-Length, bypassing size checks and t...
CVE-2021-31227
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...
CVE-2021-31226
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...
Fortinet FortiWeb 授权命令注入漏洞(CVE-2021-22123)
Fortinet FortiWeb OS Command Injection Aug 17, 2021 5 min read An OS command injection vulnerability in FortiWeb's management interface version 6.3.11 and prior can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page. This is ...
CVE-2021-29056
Cross Site Scripting XSS vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php...
CVE-2021-29056
Cross Site Scripting XSS vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php...
Cross site scripting
Cross Site Scripting XSS vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php...
CVE-2021-29056
Cross Site Scripting XSS vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php...
CVE-2021-29056
Pixelimity 1.0 is affected by a Cross Site Scripting (XSS) vulnerability that can be triggered via an HTTP POST parameter to admin/setting.php. The root cause is a lack of proper validation/sanitization of client-side data in the web app. The impact is client-side code execution, potentially affe...
All Vulnerabilities for studentenwerk.sh Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| studentenwerk.sh ---|--- Open Bug Bount...
HCC Embedded InterNiche Input Validation Error Vulnerability (CNVD-2021-59228)
HCC Embedded InterNiche is a newsletter software. An input validation error vulnerability exists in the HCC Embedded InterNiche stack, which stems from a lack of size validation, code that parses HTTP POST requests, and can be exploited by an attacker to cause a heap buffer overflow...
Unspecified Vulnerability in HCC Embedded InterNiche (CNVD-2021-59227)
HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in HCC Embedded InterNiche. The vulnerability stems from the TCP/IP stack parsing HTTP POST request code and can be exploited by an attacker to cause a cache heap overflow...
stoke.gov.uk Cross Site Scripting vulnerability OBB-2106969
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| stoke.gov.uk ---|--- Open Bug Bounty...
novaescola.org.br Cross Site Scripting vulnerability OBB-2106953
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| novaescola.org.br ---|--- Open Bug Boun...
CVE-2021-36802
Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This issue was fixed in version 2.1.13 of the product...
Cross site request forgery (csrf)
Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This issue was fixed in version 2.1.13 of the product...
CVE-2021-36802 Akaunting DoS via User-Controlled 'locale' Variable
Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This issue was fixed in version 2.1.13 of the product...