16602 matches found
Oracle WebLogic Server OS Command Injection Vulnerability
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document...
ROS-20240603-04
Vulnerability of modproxy module of Apache HTTP Server web server is related to failure to take measures to process CRLF sequences in HTTP headers. CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow an attacker, acting remotely to perform HTTP response splitting attacks...
GHSA-9P73-X86V-JW57 path traversal vulnerability was identified in the parisneo/lollms-webui
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...
path traversal vulnerability was identified in the parisneo/lollms-webui
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...
CVE-2024-23316 PingAccess HTTP Request Desynchronization Weakness
HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
Check Point Security Gateway RCE Exploit Tool CVE-2024-249...
CVE-2024-23692
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...
CVE-2024-23692
CVE-2024-23692 affects Rejetto HTTP File Server (HFS) versions up to 2.3m. The vulnerability is a server‑side template injection in the search parameter that is reflected into HFS templates, allowing an unauthenticated attacker to execute arbitrary commands (remote code execution). Exploitation c...
CVE-2024-23692 Rejetto HTTP File Server 2.3m Unauthenticated RCE
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition (CVE-2024-27982, CVE-2024-27983)
Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. This bulletin identifies the...
CVE-2024-4330
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...
CVE-2024-4330 Path Traversal in parisneo/lollms-webui
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...
CVE-2024-4330 Path Traversal in parisneo/lollms-webui
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...
JVN#80506242: awkblog vulnerable to OS command injection
awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability CWE-78. Impact If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the product...
CVE-2023-46297
An issue was discovered on Mercusys MW325R EU V3 MW325REUV31.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.15 security update
Red Hat OpenShift Container Platform release 4.15.15 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
CVE-2023-46297
An issue was discovered on Mercusys MW325R EU V3 MW325REUV31.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface...
CVE-2023-46297
CVE-2023-46297 affects Mercusys MW325R EU V3 (firmware 1.11.0 221019). An unauthenticated HTTP request can render the admin interface unreachable/invisible; data verification is not performed, and affected UI files become unavailable. The web server remains up, but the admin UI is hidden, typical...
JVN#15637138: EC-Orange vulnerable to authorization bypass
EC-Orange provided by S-cubism Inc. is an e-commerce website building system package based on an open source software EC-CUBE. EC-Orange contains an authorization bypass vulnerability CWE-639. This is the same issue as JVN51770585 EC-CUBE vulnerable to authorization bypass. Impact A user of the...
CVE-2023-43846
Incorrect access control in logs management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote attackers to get the device logs via HTTP GET request. The logs contain such information as user names and IP addresses used in the infrastructure. This information may help the...