CVE-2024-8525

CVE-2024-8525 affects Automated Logic WebCTRL 7.0 (Premium Server). The issue is an unrestricted upload of a file with a dangerous type that an unauthenticated attacker can exploit via a crafted HTTP POST to achieve remote command execution and upload of a malicious file. Multiple connected sourc...

CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...

CVE-2024-1601 SQL Injection in parisneo/lollms-webui

An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...

CVE-2022-20650

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit thi...

Heap overflow

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...

ManageEngine ServiceDesk Plus < 11.2 Build 11200 Unauthenticated Stored XSS

A stored cross-site scripting XSS vulnerability exists in the XML processing logic of asset discovery. By sending a crafted HTTP POST request to /discoveryServlet/WsDiscoveryServlet, a remote, unauthenticated attacker can create an asset containing malicious JavaScript. When an administrator view...

CVE-2008-1924

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...

CVE-2016-1380

Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service proxy-process hang via a crafted HTTP POST request, aka Bug ID CSCuo12171...

Design/Logic Flaw

main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which...

Multiple Vulnerabilities in Pixie

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Pixie which could be exploited to perform cross-site scripting, script insertions and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in Pixie The vulnerability exists due to input...

CVE-2008-2631

The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2006-4511

Messenger Agents nmma.exe in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service crash via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines."...