40 matches found
EUVD-2019-3162
Malware in sbrugna...
EUVD-2020-5985
Malware in sbrugna...
EUVD-2025-5579
Malicious code in bioql PyPI...
EUVD-2025-19327
Malicious code in bioql PyPI...
EUVD-2022-27974
Malicious code in bioql PyPI...
CVE-2025-6765
A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. Th...
CVE-2025-6765
CVE-2025-6765 affects Intelbras InControl 2.21.60.9, where the HTTP PUT Request Handler’s processing of the file at "/v1/operador/" can lead to permission issues. The vulnerability arises from how the endpoint handles PUT requests, enabling remote initiation with potential impact on permissions. ...
CVE-2025-6765 Intelbras InControl HTTP PUT Request operador permission
A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. Th...
PT-2025-27146 · Intelbras · Intelbras Incontrol
Name of the Vulnerable Software and Affected Versions: Intelbras InControl version 2.21.60.9 Description: A critical issue has been found in the HTTP PUT Request Handler component, affecting the processing of the file "/v1/operador/". This leads to permission issues and can be initiated remotely...
CVE-2022-22836
CoreFTP Server before 727 allows directory traversal for file creation by an authenticated attacker via ../ in an HTTP PUT request...
📄 Tomcat Partial PUT Java Deserialization
This Metasploit module exploits a Java deserialization vulnerability in Apache Tomcats session restoration functionality that can be exploited with a partial HTTP PUT request to place an attacker controlled deserialization payload in the tomcatrootdir/webapps/ROOT/ directory. For the exploit to...
CVE-2024-55570
/api/user/users in the web GUI for the Cubro EXA48200 network packet broker build 20231025055018 fixed in V5.0R14.5P4-V3.3R1 allows remote authenticated users of the application to increase their privileges by sending a single HTTP PUT request with rolename=Administrator, aka incorrect access...
CVE-2024-55570
/api/user/users in the web GUI for the Cubro EXA48200 network packet broker build 20231025055018 fixed in V5.0R14.5P4-V3.3R1 allows remote authenticated users of the application to increase their privileges by sending a single HTTP PUT request with rolename=Administrator, aka incorrect access...
CVE-2024-45842
Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests...
Arbitrary Code Execution
Graylog is vulnerable to Arbitrary Code Execution. The vulnerability is due to a lack of class validation, which allows an attacker to send a HTTP PUT request to the /api/system/clusterconfig/ endpoint which results in the loading of arbitrary classes. This issue can be exploited by an attacker b...
CVE-2024-24824 graylog2-server vulnerable to instantiation of arbitrary classes triggered by API request
Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/clusterconfig/ endpoint. Graylog's cluster config system uses fully qualified class...
CVE-2022-41948
CVE-2022-41948 describes a privilege-escalation in DHIS 2 core where a user with authority to manage users can self-assign superuser privileges by crafting an HTTP PUT request. The root cause is improper handling of user-management authority that allows self-elevation if the attacker is authentic...
Hikvision IP Camera Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection in a variety of Hikvision IP cameras CVE-2021-36260. The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This...
Hikvision IP Camera Unauthenticated Command Injection
This module exploits an unauthenticated command injection in a variety of Hikvision IP cameras CVE-2021-36260. The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This module...
Directory traversal
CoreFTP Server before 727 allows directory traversal for file creation by an authenticated attacker via ../ in an HTTP PUT request...