
1601 matches found

Cvelist
added 2024/06/26 3:55 p.m. · 37 views

CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...

CVSS 3.1 · EPSS 0.00263
Exploits 0 · References 1

Github Security Blog
added 2024/06/26 2:8 p.m. · 20 views

October System module has a Reflected XSS via X-October-Request-Handler Header

Impact The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy...

CVSS 5.4 · AI score 6.4 · EPSS 0.00263
Exploits 0 · References 3 · Affected Software 1

NVD
added 2024/06/23 12:15 p.m. · 13 views

CVE-2024-6269

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function getip.addrdetails of the file /view/vpn/autovpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. T...

CVSS 7.2 · EPSS 0.20644
Exploits 1 · References 4

CVE
added 2024/06/23 11:31 a.m. · 74 views

CVE-2024-6269

CVE-2024-6269 affects Ruijie RG-UAC 1.0. The vulnerability lives in the HTTP POST handler function get_ip.addr_details in /view/vpn/autovpn/sxh_vpnlic.php, where manipulating the indevice argument enables remote command injection. Public exploit information exists. Affected product behavior and r...

CVSS 7.2 · AI score 5.3 · EPSS 0.20644
Exploits 1 · References 4 · Affected Software 1

NVD
added 2024/06/08 10:15 p.m. · 28 views

CVE-2024-5771

A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The atta...

CVSS 6.5 · EPSS 0.00324
Exploits 0 · References 4

CNNVD
added 2024/06/08 12:0 a.m. · 4 views

LabVantage Solutions LIMS SQL Injection Vulnerability

LabVantage Solutions LIMS is a laboratory letter management system from LabVantage Solutions, USA. A SQL injection vulnerability exists in LabVantage Solutions LIMS version 2017, which stems from unknown code in the component POST Request Handler, which leads to an SQL injection via the param1...

CVSS 6.5 · AI score 8.1 · EPSS 0.00324
Exploits 0 · References 5

BDU FSTEC
added 2024/06/05 12:0 a.m. · 1 views

The vulnerability of the HTTP Request Handler component in FortiWeb network appliances allows attackers to enhance their privileges.

The vulnerability of the HTTP Request Handler component in FortiWeb web applications is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

CVSS 9 · AI score 5.5 · EPSS 0.00651
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/06/03 12:0 a.m. · 3 views

PT-2024-3954 · Fortinet · Fortiwebmanager

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWebManager versions 6.0.2, 6.2.3 through 6.2.4, 6.3.0, 7.0.0 through 7.0.4, and 7.2.0 Description: The issue is related to an improper authorization in the HTTP Request Handler component of Fortinet FortiWebManager, which can be...

CVSS 9 · AI score 7.8 · EPSS 0.00651
Exploits 0 · References 10

NVD
added 2024/05/28 2:15 p.m. · 12 views

CVE-2024-5428

A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function saveproduct of the file /admin/index.php?page=manageproduct of the component HTTP POST Request Handler. The manipulation leads to cross-site reque...

CVSS 6.9 · AI score 4.7 · EPSS 0.00335
Exploits 1 · References 4

BDU FSTEC
added 2024/05/24 12:0 a.m. · 3 views

The vulnerability of the NTPSyncWithHost function in the Request Handler component of TOTOLINK CP450 software allows a perpetrator to execute arbitrary code.

The vulnerability of the NTPSyncWithHost function in the Request Handler component of TOTOLINK CP450 router microprogramming software is related to the lack of measures taken at the control level to clean data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 · AI score 5.9 · EPSS 0.17571
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2024/05/22 10:31 a.m. · 19 views

CVE-2024-5193 Ritlabs TinyWeb Server Request crlf injection

A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS 6.9 · AI score 5.7 · EPSS 0.00669
Exploits 1 · References 7

Cvelist
added 2024/05/20 10:31 p.m. · 25 views

CVE-2024-5145 SourceCodester Vehicle Management System HTTP POST Request newdriver.php unrestricted upload

A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The...

CVSS 6.5 · AI score 6.5 · EPSS 0.00714
Exploits 1 · References 4

CVE
added 2024/05/20 10:31 p.m. · 61 views

CVE-2024-5145

The CVE-2024-5145 entry refers to SourceCodester Vehicle Management System (up to v1.0) with a flaw in the HTTP POST Request Handler, where manipulating the file parameter in /newdriver.php enables unrestricted uploads. Multiple sources confirm remote feasibility and public disclosure of exploits...

CVSS 8.8 · AI score 6.9 · EPSS 0.00714
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2024/05/15 12:0 a.m. · 3 views

PT-2024-4722 · Unknown · Сервис Обновлений

Name of the Vulnerable Software and Affected Versions: Сервис обновлений affected versions not specified Description: The issue is related to the WSDL request handler in the "Сервис обновлений" software, which is associated with incorrect restriction of the directory path name. This could allow a...

CVSS 5 · AI score 7
Exploits 0 · References 2

NVD
added 2024/05/07 11:15 a.m. · 20 views

CVE-2024-4583

A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

CVSS 5.3 · AI score 5.2 · EPSS 0.00591
Exploits 0 · References 5

Vulnrichment
added 2024/05/07 11:0 a.m. · 17 views

CVE-2024-4583 Faraday GM8181/GM828x Request information disclosure

A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

CVSS 5.3 · AI score 5.2 · EPSS 0.00591
Exploits 0 · References 5

CVE
added 2024/05/07 11:0 a.m. · 59 views

CVE-2024-4583

CVE-2024-4583 affects Faraday GM8181 and GM828x up to 20240429, with the vulnerability located in an unknown functionality of the Request Handler that leads to information disclosure. The issue is exploitable remotely, and the public exploit has been disclosed. Upgrading the affected component is...

CVSS 5.3 · AI score 6.5 · EPSS 0.00591
Exploits 0 · References 5

Cvelist
added 2024/05/07 11:0 a.m. · 17 views

CVE-2024-4583 Faraday GM8181/GM828x Request information disclosure

A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

CVSS 5.3 · AI score 5.5 · EPSS 0.00591
Exploits 0 · References 5

Positive Technologies
added 2024/04/05 12:0 a.m. · 5 views

PT-2024-22986 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a possible out of bounds write in the lpm req handler function of lpm.c due to improper input validation. This could lead to loc...

CVSS 8.4 · AI score 6.8 · EPSS 0.00092
Exploits 0 · References 4

CNNVD
added 2024/04/05 12:0 a.m. · 4 views

Google Pixel Security Vulnerability

Google Pixel is a smartphone from Google, Inc USA. A security vulnerability exists in Google Pixel that stems from an improper input validation in the lpmreqhandler module of the lpm.c file, which may result in out-of-bounds writes...

CVSS 8.4 · AI score 6.7 · EPSS 0.00092
Exploits 0 · References 3