CVE-2021-21936
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the ‘healthaltfilter’ parameter. This can be done as any authenticated user or through cross-site request forgery...
CVE-2021-29357
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 and LifeTime management console before 11.7.0 allows SSRF for arbitrary outbound HTTP requests...
CVE-2021-32585
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests...
CVE-2021-32590
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL...
CVE-2021-1425
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is bei...
GHSA-3QMP-G57H-RXF2 Duplicate Advisory: Pingora Request Smuggling and Cache Poisoning
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-93c7-7xqw-w357. This link is maintained to preserve external references. Original Description Pingora versions prior to 0.5.0 which used the caching functionality in pingora-proxy did not properly drain the...
CVE-2021-3965
Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews...
CVE-2021-38177
SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to a null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in HTTP requests over the network; this causes the SAP application to crash and has a high impact on the availability of the SAP syst...
CVE-2021-36180
Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...
CVE-2021-36186
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...
CVE-2021-36176
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests...
CVE-2021-36190
An unintended proxy or intermediary ('confused deputy') vulnerability in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests...
CVE-2021-32595
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests...
CVE-2021-24009
Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...
CVE-2021-21932
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at the ‘namefilter’ parameter. This can be done as any authenticated user or through cross-site request forgery...
CVE-2021-21930
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at the ‘snfilter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery...
CVE-2021-21931
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at the ‘statfilter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery...
CVE-2021-21920
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the ‘surnamefilter’ parameter with the administrative account or through cross-site request forgery...
CVE-2021-21916
An exploitable SQL injection vulnerability exists in the ‘grouplist’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at the ‘descriptionfilter’ parameter can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any...