Lucene search
+L

349 matches found

Cvelist
Cvelist
added 2024/05/17 9:53 a.m.94 views

CVE-2024-22120 Time Based SQL Injection in Zabbix Server Audit Log

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...

9.1CVSS10AI score0.76618EPSS
Exploits5References1
CNNVD
CNNVD
added 2024/04/25 12:0 a.m.7 views

Shenzhen Libituo Technology LBT-T300-T400 安全漏洞

The Shenzhen Libituo Technology LBT-T300-T400 is an industrial router from Shenzhen Libituo Technology China. A security vulnerability exists in the Shenzhen Libituo Technology LBT-T300-T400 v.3.2, which is caused by a buffer overflow vulnerability that can be exploited by a local attacker to...

7.8CVSS7.8AI score0.00254EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2024/03/25 12:0 a.m.312 views

LBT-T300-mini1 - Remote Buffer Overflow

include include define MAXLEN 256 define BUFFEROVERRUNLENGTH 50 define SHELLCODELENGTH 32 // NOP sled to increase the chance of successful shellcode execution char nopsledSHELLCODELENGTH =...

7.4AI score
Exploits0
OSV
OSV
added 2024/03/21 3:16 p.m.4 views

CVE-2024-29243

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpnclientip parameter at /apply.cgi...

9.8CVSS6.1AI score0.00817EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.6 views

PT-2024-22838 · Shenzhen Libituo Technology Co. · Lbt-T300-Mini

Name of the Vulnerable Software and Affected Versions: Shenzhen Libituo Technology Co., Ltd LBT-T300-mini version 1.2.9 Description: A buffer overflow issue was discovered via the vpn client ip parameter at the "/apply.cgi" API endpoint. Recommendations: For version 1.2.9, avoid using the vpn...

9.8CVSS6.6AI score0.00817EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.5 views

PT-2024-2610 · Apache · Apache Pulsar

Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions 2.6.0 through 2.10.5 Apache Pulsar versions 2.11.0 through 2.11.2 Apache Pulsar versions 3.0.0 through 3.0.1 Apache Pulsar version 3.1.0 Description: The issue is related to an improper authentication vulnerability in t...

8.5CVSS7.1AI score0.01765EPSS
Exploits0References13
OSV
OSV
added 2024/03/08 11:7 a.m.5 views

OESA-2024-1250 containers-common security update

This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. Security Fixes: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP wi...

6.5CVSS9.1AI score0.01126EPSS
Exploits1References2
OSV
OSV
added 2024/03/06 11:1 a.m.10 views

BIT-PARSE-2023-22474 Parse Server is vulnerable to authentication bypass via spoofing

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header x-forwarded-for to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server wi...

8.7CVSS8.2AI score0.00664EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 10:59 a.m.27 views

BIT-GOLANG-2022-32148 Exposure of client IP addresses in net/http

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the...

6.5CVSS7.3AI score0.01126EPSS
Exploits1References6
OSV
OSV
added 2024/03/06 10:56 a.m.33 views

BIT-MOD_WSGI-2022-2255

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

7.5CVSS7AI score0.0069EPSS
Exploits1References5
OSV
OSV
added 2024/03/01 2:15 p.m.4 views

CVE-2024-27567

LBT T300- T390 v2.2.1.8 were discovered to contain a stack overflow via the vpnclientip parameter in the configvpnpptp function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

6.5CVSS5.8AI score0.00592EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/03/01 12:0 a.m.7 views

LinBle LBT T300-T390 Security Vulnerability

LinBle LBT T300-T390 is a 4G Industrial Router from LinBle China. A security vulnerability exists in the LinBle LBT T300-T390 v2.2.1.8, which is caused by a buffer overflow in the vpnclientip parameter of the configvpnpptp method...

6.5CVSS7.3AI score0.00592EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/03/01 12:0 a.m.7 views

PT-2024-21950 · Unknown · Lbt T300-T390

Name of the Vulnerable Software and Affected Versions: LBT T300- T390 version 2.2.1.8 Description: The issue is related to a stack overflow via the vpn client ip parameter in the config vpn pptp function, allowing attackers to cause a Denial of Service DoS via a crafted POST request...

6.5CVSS7.2AI score0.00592EPSS
Exploits1References4
Rosalinux
Rosalinux
added 2024/02/27 9:22 a.m.69 views

Advisory ROSA-SA-2024-2363

Software: modwsgi 4.6.4 OS: ROSA Virtualization 2.1 packageevrstring: modwsgi-4.6.4-4.rv3.1c CVE-ID: CVE-2022-2255 BDU-ID: 2022-05209 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the modwsgi module of the Apache web server is related to errors in the processing of the X-Client-IP header...

7.5CVSS6.9AI score0.0069EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/11/27 12:0 a.m.7 views

PT-2023-31967 · WordPress · Cleantalk

Name of the Vulnerable Software and Affected Versions: CleanTalk WordPress plugin versions prior to 2.121 Description: The issue allows an attacker to manipulate the client IP address retrieved by the Security & Malware scan, potentially bypassing bruteforce protection. This is due to the plugin...

7.5CVSS7.4AI score0.00653EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.23 views

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:5775)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5775 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...

7.5CVSS7.2AI score0.01885EPSS
Exploits4References20
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.26 views

Rocky Linux 9 : grafana-pcp (RLSA-2022:8250)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8250 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...

7.5CVSS7.1AI score0.01626EPSS
Exploits2References13
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 7:41 p.m.24 views

Security Bulletin: IBM Storage Ceph is vulnerable via Exposure of Sensitive Information to an Unauthorized Actork in Golang (CVE-2022-32148)

Summary Golang is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2022-32148 Vulnerability Details CVEID: CVE-2022-32148 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by improper exposure of client IP addresses in net/htt...

6.5CVSS5.9AI score0.01126EPSS
Exploits1Affected Software1
NVD
NVD
added 2023/10/16 8:15 p.m.12 views

CVE-2023-5133

This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...

7.5CVSS7.5AI score0.0055EPSS
Exploits2References1
Prion
Prion
added 2023/10/16 8:15 p.m.20 views

Code injection

This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...

5CVSS7.4AI score0.0055EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder