6 matches found
GHSA-562R-8445-54R2 ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler
Impact Vulnerability Type: CRLF Injection via ConfigParser An attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. Affected Users: Users...
CVE-2026-22777 ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler
ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or...
CVE-2017-12778
The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\Roaming\qBittorrent pathname. The attacker must change the...
Cisco IOS XE Software 操作系统命令注入漏洞
Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. A command injection vulnerability exists in the web UI of Cisco IOS XE. The vulnerability stems from the affected software not properly validating values parsed from a specific...
CVE-2017-12778
CVE-2017-12778 concerns qBittorrent 3.3.15 UI Lock. The issue is an Authentication Bypass where an attacker with local access can gain access to qBittorrent functions by tampering the config file: set the 'locked' flag to 'false' inside the 'Locking' stanza (path: C:\Users\Roaming\qBittorrent). T...
CVE-2018-0334
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...