Lucene search

13 matches found

Cvelist
added 2026/05/23 6:30 p.m., 13 views

CVE-2018-25358 D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like adminuser,...

CVSS: 8.7, EPSS: 0.00697
Exploits: 0, References: 5
CVE
added 2026/05/23 6:30 p.m., 29 views

CVE-2018-25358

The CVE-2018-25358 entry concerns the D-Link DIR-601 (firmware 2.02NA) where an unauthenticated attacker can disclose credentials via /my_cgi.cgi by manipulating the table_name parameter in POST requests. Affected data includes administrative credentials and wireless keys, exposed in cleartext. T...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00697
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2021-32629

Malicious code in bioql PyPI...

CVSS: 9.8, AI score: 9.2, EPSS: 0.01483
Exploits: 0, References: 4
Hacker One
added 2025/04/19 4:13 a.m., 4 views

pixiv: Bypassing Inbox Privacy Settings and Enabling Spam on Pixiv.net

A vulnerability was discovered in the messaging system of Pixiv.net. The vulnerability allowed any user to bypass the inbox privacy settings and send messages to another user who had disabled their inbox. The vulnerability was triggered by manipulating the id parameter in the message-sending POST...

AI score: 5.5
Exploits: 0
CVE
added 2023/10/26 12:0 a.m., 64 views

CVE-2023-45868

CVE-2023-45868 concerns the Learning Module in ILIAS 7.25 (2023-09-12 release). The vulnerability allows a high-impact Directory Traversal leading to confidentiality and availability loss. An attacker with basic user privileges can exploit the issue by manipulating a POST request during exercise ...

CVSS: 8.1, AI score: 7.9, EPSS: 0.01106
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2022/05/24 3:15 p.m., 9 views

CVE-2021-45914

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator...

CVSS: 9.8, EPSS: 0.01483
Exploits: 0, References: 4
Prion
added 2022/05/24 3:15 p.m., 9 views

Design/Logic Flaw

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator...

CVSS: 7.5, AI score: 9.2, EPSS: 0.01483
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2018/10/09 10:29 p.m., 18 views

CVE-2018-7633

Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request...

CVSS: 9.8, AI score: 9.7, EPSS: 0.01343
Exploits: 1, References: 1
CVE
added 2018/10/09 10:0 p.m., 39 views

CVE-2018-7633

The CVE-2018-7633 entry concerns Epicentro firmware (E_7.3.2+) where the /ui/login form Language parameter is vulnerable to code injection. The issue allows an attacker to cause JavaScript execution by directing a user to submit a tampered POST request, indicating an input handling flaw in the lo...

CVSS: 9.8, AI score: 9.6, EPSS: 0.01343
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2017/10/16 9:29 p.m., 16 views

CVE-2017-9367

A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request...

CVSS: 9.8, AI score: 9.6, EPSS: 0.0162
Exploits: 0, References: 1
Cvelist
added 2017/06/22 6:0 p.m., 20 views

CVE-2017-1326

IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060...

AI score: 4.4, EPSS: 0.00796
Exploits: 0, References: 3
Atlassian
added 2013/08/07 9:10 a.m., 24 views

XSS attack in macro rendering preview

Example: insert lorem ipsum macro; edit macro in lightbox and press preview; alter the POST request as follows: POST /confluence/rest/tinymce/1/macro/preview HTTP/1.1 Host: test.foo.com Connection: keep-alive Content-Length: 136 Accept: text/html, */*; q=0.01 Origin: https://test.foo.com...

AI score: 0.4
Exploits: 0
Exploit DB
added 2004/09/14 12:0 a.m., 25 views

SnipSnap 0.5.2 - HTTP Response Splitting

source: https://www.securityfocus.com/bid/11180/info SnipSnap is reported prone to an HTTP response splitting vulnerability. The issue exists in the 'referer' parameter. The issue presents itself due to a flaw in the application that allows an attacker to manipulate how POST requests are handled...

AI score: 7
Exploits: 0