CVE-2024-47549

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...

CVE-2024-47549

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...

CVE-2024-47801

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...

CVE-2024-47549

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...

Sharp MFP 安全漏洞

Sharp MFP is a series of multifunction printers from Sharp Japan. A security vulnerability exists in Sharp MFP that stems from incorrect handling of query parameters in HTTP requests, which could result in unexpected data contamination of the HTTP response header...

Sharp MFP 安全漏洞

Sharp MFP is a series of multifunction printers from Sharp Japan. A security vulnerability exists in Sharp MFP that stems from incorrect handling of query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability...

PT-2024-32820 · Sharp +1 · Sharp Mfps +1

Name of the Vulnerable Software and Affected Versions: Sharp and Toshiba Tec MFPs affected versions not specified Description: The issue is related to the improper processing of query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL...

Possible ReDoS vulnerability in query parameter filtering in Action Dispatch

There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128. Impact Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibl...

CVE-2024-38863

Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions 2.3.0p18, 2.2.0p35 and 2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks...

H2O 代码问题漏洞

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A code issue vulnerability exists in H2O-3 version 3.46.0.4, which stems from the fact that incorrect manipulation of the parameter query can lead to deserialization...

Reedos aiM-Star 安全漏洞

Reedos aiM-Star is a software product from Reedos for mutual fund distribution. A security vulnerability exists in Reedos aiM-Star version 2.0.1 that stems from improper access control to certain API endpoints, which allows an attacker to manipulate parameters to access sensitive information via ...

CVE-2024-42360

SequenceServer (BLAST+ web UI) is affected by a command injection due to improper sanitization in several HTTP endpoints. Versions prior to 3.1.2 are vulnerable; exploitation could allow arbitrary shell command execution. The issue has been fixed in 3.1.2. Remediation: upgrade to SequenceServer 3...

The vulnerability of the software for detecting vulnerabilities and errors in PT Application Inspector, due to improper checking of query parameters, allows a perpetrator to execute arbitrary code.

The vulnerability of the PT Application Inspector’s software for detecting vulnerabilities and errors is related to improper checking of query parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

GHSA-QV32-5WM2-P32H Command Injection in sequenceserver

Impact Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands Patches Fixed in 3.1.2 Workarounds No known workarounds...

CVE-2024-33003

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information PII data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...

CVE-2024-33003

CVE-2024-33003 affects SAP Commerce Cloud via the OCC API Endpoint component. The root issue is that certain OCC API endpoints may include PII (passwords, emails, mobile numbers, coupon/voucher codes) in the request URL as query or path parameters, leading to potential disclosure and integrity im...

Command Injection in sequenceserver gem

Impact Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands Patches Fixed in 3.1.2 Workarounds No known workarounds...

SAP Commerce Cloud 信息泄露漏洞

SAP Commerce Cloud is a cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. An information disclosure vulnerability exists in SAP Commerce Cloud that stems from certain OCC API endpoints that allow...

PT-2024-6173 · Sap · Sap Commerce Cloud

Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud affected versions not specified Description: The issue is related to errors in processing information in the OCC API Endpoint component of SAP Commerce Cloud. This could allow a remote attacker to gain unauthorized access t...

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to insufficient protection of sensitive data, allows attackers to disclose confidential information.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient protection of operational data when processing query parameters. Exploiting this vulnerability allows a malicious actor to disclose sensitive information by sending special...