17 matches found
CVE-2024-39091
An OS command injection vulnerability in the ccmdebug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request...
CVE-2024-39091
An OS command injection vulnerability in the ccmdebug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request...
CVE-2024-39091
An OS command injection vulnerability in the ccmdebug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request...
CVE-2024-39091
An OS command injection vulnerability in the ccmdebug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request...
CVE-2024-24593
A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the API server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted HTML. Exploitation of the vulnerability allows an attacker to...
Insufficiently complex hash function used in `useFetch` means return data cannot be trusted
Description: The useFetch function uses the ohash library to key requests. This hash function outputs a 32-bit number. Finding a collision for this function is easy. In a situation where useFetch is called more than once, any call after the first that contains untrusted input into any argument is...
WordPress Stafflist 3.1.2 Cross Site Request Forgery
Exploit Title: WordPress Plugin stafflist 3.1.2 - CSRF Authenticated Date: 05-02-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/stafflist/ Version: 3.1.2 Tested on: Firefox Contact me: h at spidersilk.com Summary: A CSRF vulnerability exists i...
CVE-2020-19778
Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "userid" in the HTML request...
CVE-2020-19778
Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "userid" in the HTML request...
Cross site request forgery (csrf)
Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "userid" in the HTML request...
CVE-2020-19778
ShopXO CVE-2020-19778 affects v1.4.0–v1.5.0 and is due to Incorrect Access Control. An attacker can gain privileges by manipulating the user_id parameter in the HTML request to /index.php. The issue is documented with high severity (CVSS v3.1 base score 9.8, CRITICAL) and involves remote, unauthe...
CVE-2020-19778
Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "userid" in the HTML request...
Security Bulletin: Command Injection Vulnerability in IBM® Rational® Quality Manager (CVE-2016-0326)
Summary IBM® Rational® Quality Manager could allow an authenticated attacker to inject commands through a specially crafted HTML request that would be executed by the operating system with user privileges. Vulnerability Details CVEID: CVE-2016-0326 DESCRIPTION: IBM Rational Quality Manager could...
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User) Vulnerability
Exploit for php platform in category web applications Exploit Title: Cross Site Request Forgery- Frog CMS Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://github.com/philippe/FrogCMS Version: 0.9.5 CVE :...
Design/Logic Flaw
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."...
CVE-2016-0326
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."...
CVE-2016-0326
Summary: IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management (CLM) are affected by a command injection vulnerability (CVE-2016-0326). An authenticated attacker can inject commands via a specially crafted HTML request, causing OS commands to execute with the user’s p...