16600 matches found
CVE-2024-41628
This CVE (CVE-2024-41628) affects Severalnines Cluster Control CMON API. The vulnerability is a Directory Traversal that allows an unauthenticated remote attacker to include and display arbitrary server files via HTTP requests to CMON API endpoints. Affected versions are Cluster Control 1.9.8 bef...
ROS-20240726-08
Vulnerability in the httpjson component of Elastick Stack Filebeat is due to a bug in the input data of the httpjson, because of which the contents of the Authorization or Proxy-Authorization http-request header may into the debug logs. Exploitation of the vulnerability could allow an attacker...
CVE-2024-41628
Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API...
VulnCheck KEV: CVE-2023-25690
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
CVE-2024-39962
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21D240126 was discovered to contain a remote code execution RCE vulnerability in the ntpzoneval parameter at /goform/setntp. This vulnerability is exploited via a crafted HTTP request...
CVE-2024-6908
Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data...
CVE-2024-6908
Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data...
CVE-2024-6908
The CVE-2024-6908 entry concerns Yugabyte Platform, where improper privilege management allows an authenticated admin to escalate to SuperAdmin via a crafted PUT request, potentially granting access to sensitive functions and data. The described impact is unauthorized access to sensitive system c...
Exploit for Exposure of Resource to Wrong Sphere in Apache Http_Server
🚨Alert🚨Apache Vulnerability 🚨Alert🚨Security Advisory: CVE-2024...
CVE-2024-39962
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21D240126 was discovered to contain a remote code execution RCE vulnerability in the ntpzoneval parameter at /goform/setntp. This vulnerability is exploited via a crafted HTTP request...
CVE-2024-39962
CVE-2024-39962 affects the D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router (v21_D240126). The vulnerability is a remote code execution (RCE) in the ntp_zone_val parameter exposed via the /goform/set_ntp endpoint, exploitable through a crafted HTTP request. Multiple connected sources corr...
ROS-20240719-02
Vulnerability in the makeHttpRequest function of the htdocs/js/ajaxfunctions.js file of the web administration tool LDAP phpLDAPAPadmin is related to inconsistent interpretation of HTTP requests. Exploitation of the vulnerability could allow an attacker acting remotely to cause smuggling of http...
CVE-2024-40642
The netty incubator codec.bhttp is a java language binary http parser. In affected versions the BinaryHttpParser class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...
CVE-2024-40642 Absent Input Validation in BinaryHttpParser in the netty incubator codec.bhttp
The netty incubator codec.bhttp is a java language binary http parser. In affected versions the BinaryHttpParser class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...
CVE-2024-40642 Absent Input Validation in BinaryHttpParser in the netty incubator codec.bhttp
The netty incubator codec.bhttp is a java language binary http parser. In affected versions the BinaryHttpParser class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...
CVE-2024-40642
The CVE-2024-40642 issue affects the Netty incubator codec.bhttp BinaryHttpParser in affected releases, where readRequestHead mis-validates input values. This grants attackers significant control over HTTP requests constructed from parsed output, enabling injection attacks such as HTTP request sm...
GHSA-Q8F2-HXQ5-CP4H Absent Input Validation in BinaryHttpParser
Summary BinaryHttpParser does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issues individually to perform various injection attacks including HTTP request smuggling, desync...
Absent Input Validation in BinaryHttpParser
Summary BinaryHttpParser does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issues individually to perform various injection attacks including HTTP request smuggling, desync...
projectdiscovery/nuclei allows unsigned code template execution through workflows
Summary Find a way to execute code template without -code option and signature. Details write a code.yaml: yaml id: code info: name: example code template author: ovi3 code: - engine: - sh - bash source: | id http: - raw: - | POST /re HTTP/1.1 Host: Hostname coderesponse workflows: - matchers: -...
CVE-2024-20400
A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this...