Important: ruby3.2
Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2024-743)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-743 advisory. An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., GET /admin...
CVE-2024-10005
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
CVE-2024-10005 Consul L7 Intentions Vulnerable To URL Path Bypass
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
CVE-2024-10005
CVE-2024-10005 affects Consul and Consul Enterprise. The issue arises from using URL paths in L7 traffic intentions, allowing bypass of HTTP request path-based access rules. Evidence from multiple sources (NVD entry and industry advisories) confirms the vulnerability in Consul’s URL path handling...
CVE-2024-33623
A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2024-24777
A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability...
CVE-2024-24777
LevelOne WBR-6012 Web Application CSRF (CVE-2024-24777) vulnerability affecting the router model LevelOne WBR-6012 with firmware R0.40e6. The web application does not enforce origin checks, allowing attackers to induce unauthorized actions via a crafted HTTP request from a malicious page. Talos c...
CVE-2024-33626
CVE-2024-33626 affects LevelOne WBR-6012. Cisco TALOS confirms a web application information-disclosure vulnerability that exposes the WiFi WPS PIN via a hidden page accessible over HTTP. Confirmed vulnerable version: LevelOne WBR-6012 R0.40e6. Exploitation could enable an attacker to connect to ...
CVE-2024-33623
CVE-2024-33623 affects LevelOne WBR-6012 router (R0.40e6). Talos notes an unauthenticated HTTP POST to /upg or /upg/fwug can trigger a crash/reboot due to improper handling of POST data (looping until a carriage return). The vulnerability resides in the web application, with exploitation leading ...
LevelOne WBR-6012 Web Application cross-site request forgery (CSRF) vulnerability
Talos Vulnerability Report TALOS-2024-1981: LevelOne WBR-6012 Web Application cross-site request forgery (CSRF) vulnerability. October 30, 2024. CVE Number: CVE-2024-24777. Summary: A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e...
LevelOne WBR-6012 Web Application information disclosure vulnerability
Talos Vulnerability Report TALOS-2024-1986: LevelOne WBR-6012 Web Application information disclosure vulnerability. October 30, 2024. CVE Number: CVE-2024-33626. Summary: The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive...
LevelOne WBR-6012 Web Application denial of service vulnerability
Talos Vulnerability Report TALOS-2024-2001: LevelOne WBR-6012 Web Application denial of service vulnerability. October 30, 2024. CVE Number: CVE-2024-33623. Summary: A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP...
Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references. Original Description: An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via...
GHSA-25PW-Q952-X37G Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references. Original Description: An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via...
CVE-2024-39205
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...