
13 matches found

OSV
added 2026/04/24 3:16 p.m. · 2 views

DEBIAN-CVE-2026-31640

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial. In rxrpc_post_response(), the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...

CVSS 7.5 · AI score 5.4 · EPSS 0.00054
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2011-2736

Malware in sbrugna...

CVSS 4.3 · AI score 6.2 · EPSS 0.01049
Exploits: 1 · References: 7
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-29731

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.02178
Exploits: 0 · References: 3
RedhatCVE
added 2025/05/23 12:3 a.m. · 6 views

CVE-2022-24983

Forms generated by JQueryForm.com before 2022-02-05 allow remote attackers to obtain the URI to any uploaded file by capturing the POST response. When chained with CVE-2022-24984, this could lead to unauthenticated remote code execution on the underlying web server. This occurs because the Unique...

CVSS 9.8 · AI score 7.4 · EPSS 0.02427
Exploits: 0 · References: 1
Github Security Blog
added 2022/05/24 5:0 p.m. · 13 views

Magento 2 Community Edition Security Bypass

A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation...

CVSS 7.5 · AI score 7 · EPSS 0.00095
Exploits: 0 · References: 5 · Affected Software: 1
ATTACKERKB
added 2022/02/16 10:15 p.m. · 2 views

CVE-2022-24983

Forms generated by JQueryForm.com before 2022-02-05 allow remote attackers to obtain the URI to any uploaded file by capturing the POST response. When chained with CVE-2022-24984, this could lead to unauthenticated remote code execution on the underlying web server. This occurs because the Unique...

CVSS 9.8 · AI score 6.4 · EPSS 0.02427
Exploits: 0 · References: 4
NVD
added 2022/02/16 10:15 p.m. · 13 views

CVE-2022-24983

Forms generated by JQueryForm.com before 2022-02-05 allow remote attackers to obtain the URI to any uploaded file by capturing the POST response. When chained with CVE-2022-24984, this could lead to unauthenticated remote code execution on the underlying web server. This occurs because the Unique...

CVSS 7.5 · EPSS 0.02178
Exploits: 0 · References: 3
CVE
added 2022/02/16 9:4 p.m. · 99 views

CVE-2022-24983

CVE-2022-24983 concerns forms generated by JQueryForm.com before 2022-02-05. The vulnerability allows remote attackers to obtain the URI of uploaded files by capturing the POST response (the Unique ID is included in the response). This is stated to enable unauthenticated remote code execution whe...

CVSS 7.5 · AI score 8.9 · EPSS 0.02178
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2019/11/05 10:19 p.m. · 11 views

CVE-2019-8112

A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation...

AI score 7.7 · EPSS 0.00095
Exploits: 0 · References: 1
OSV
added 2018/08/29 7:29 p.m. · 1 views

CVE-2018-12710

An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account which is a low privilege account access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML...

CVSS 8 · AI score 5.8
Exploits: 0 · References: 2
NVD
added 2018/08/29 7:29 p.m. · 9 views

CVE-2018-12710

An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account which is a low privilege account access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML...

CVSS 8 · AI score 7.8 · EPSS 0.58466
Exploits: 4 · References: 2
Positive Technologies
added 2018/08/17 12:0 a.m. · 2 views

PT-2018-3889 · D Link · D-Link Dir-601

Name of the Vulnerable Software and Affected Versions: D-Link DIR-601 version 2.02NA Description: An issue allows an attacker with low privilege "User" account access to intercept the response from a POST request and obtain "Admin" rights due to the admin password being displayed in XML. The...

CVSS 9 · AI score 7.7 · EPSS 0.58466
Exploits: 4 · References: 4
Exploit DB
added 2017/08/01 12:0 a.m. · 30 views

JoySale 2.2.1 - Arbitrary File Upload

JoySale Arbitrary File Upload Exploit Title: JoySale Arbitrary File Upload Exploit Author: Mutlu Benmutlu Date: 1/08/2017 Vendor Homepage: http://www.hitasoft.com/product/joysale-advanced-classifieds-script/ Version: Joysale v2.2.1 latest Google Dork: "joysale-style.css" Tested on : MacOS Sierra...

AI score 7
Exploits: 0