168 matches found
CVE-2023-31856
A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594B20200910 allows attackers to execute arbitrary commands via a crafted http packet...
Command injection
A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594B20200910 allows attackers to execute arbitrary commands via a crafted http packet...
CVE-2023-31856
Summary: CVE-2023-31856 affects TOTOLINK CP300+ firmware V5.2cu.7594_B20200910. The issue is a command-injection in the hostTime parameter of the function NTPSyncWithHost, exploitable via a crafted HTTP packet. This can allow an attacker to execute arbitrary commands remotely with no user interac...
CVE-2023-20118
A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user...
Schneider Electric PowerLogic Improper Input Validation (CVE-2021-22767)
UNSUPPORTED WHEN ASSIGNED A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 Versions 3.0.0 and newer and PowerLogic EGX300 All Versions that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from...
Schneider Electric PowerLogic Improper Input Validation (CVE-2021-22768)
UNSUPPORTED WHEN ASSIGNED A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 Versions 3.0.0 and newer and PowerLogic EGX300 All Versions that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from...
Cisco Secure Web Appliance < 14.5.0-537 Privilege Escalation (cisco-sa-wsa-prv-esc-8PdRU8t8)
According to its self-reported version, Cisco Web Security Appliance WSA is affected by a privilege escalation vulnerability. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An authenticated, remote attacker could exploit this vulnerability to...
CVE-2022-2337
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-2547
A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-2335
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-2335
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-1069
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-1069
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
Design/Logic Flaw
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
Design/Logic Flaw
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-2337 Softing Secure Integration Server NULL Pointer Dereference
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-2337 Softing Secure Integration Server NULL Pointer Dereference
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-1069 Softing Secure Integration Server Out-of-bounds Read
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-2335 Softing Secure Integration Server Integer Underflow
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-2335
Softing Secure Integration Server is affected by CVE-2022-2335 via an integer underflow in the HTTP Content-Length handling. A crafted HTTP packet with a -1 content-length header can cause a denial-of-service on vulnerable installations (notably versions around V1.22). The vulnerability is exploi...