16600 matches found
CVE-2024-45597 Pluto's http.request allows CR and LF in header values
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table...
CVE-2023-44254
An authorization bypass through user-controlled key CWE-639 vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request...
CVE-2024-21753
Fortinet FortiClientEMS is affected by a path traversal vulnerability (CVE-2024-21753) across multiple releases: 1.2.1–1.2.5, 6.0.0–6.0.8, 6.2.0–6.2.9, 6.4.0–6.4.9, 7.0.0–7.0.13, and 7.2.0–7.2.4. The issue stems from improper limitation of a pathname to a restricted directory, allowing a remote a...
CVE-2023-44254
An authorization bypass through user-controlled key CWE-639 vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request...
CVE-2023-44254
CVE-2023-44254 describes an authorization bypass via a user-controlled key (CWE-639) in Fortinet FortiAnalyzer and FortiManager. Affected: FortiAnalyzer 7.4.1 and prior to 7.2.5; FortiManager 7.4.1 and prior to 7.2.5. Impact stated: remote attacker with low privileges could read sensitive data th...
CVE-2023-44254
An authorization bypass through user-controlled key CWE-639 vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request...
Dairy Farm Shop Management System 1.2 SQL Injection / Code Execution
============================================================================================================================================= | Title : Dairy Farm Shop Management System 1.2 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...
PT-2024-7641
Name of the Vulnerable Software and Affected Versions pyload-ng version 0.5.0b3.dev85 pyload running under python3.11 or below Description The issue is related to insufficient input validation in the pyload software, allowing a remote attacker to execute arbitrary code by sending a specially...
CVE-2024-42342
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling'...
CVE-2024-42342 Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling'...
CVE-2024-42342
Loway QueueMetrics is affected by an HTTP request/response smuggling vulnerability (CWE-444). The linked documents identify the issue in QueueMetrics and cite version 22.11.6 as affected, describing it as an environmental issue vulnerability. No explicit fix/version is provided across the connect...
CVE-2024-42342 Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling'...
GO-2024-3118 Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill
Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill...
CVE-2024-8517
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...
CVE-2024-8517
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...
Security Bulletin: Multiple vulnerabilities in Netty affect Apache Solr, Apache Zookeeper and Logstash shipped with IBM Operations Analytics - Log Analysis
Summary There are vulnerabilities in various versions of Netty that affect Apache Solr, Apache Zookeeper and Logstash. The vulnerabilities are in Vulnerability Details section Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw i...
Security Bulletin: Vulnerability in Go affects watsonx.data
Summary Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2022-41721 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. By sendin...
GHSA-G6Q4-W3J3-JFC4 Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...
Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...
CVE-2024-8462
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...