CVE-2025-6765 Intelbras InControl HTTP PUT Request operador permission

A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. Th...

CVE-2025-6765 Intelbras InControl HTTP PUT Request operador permission

A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. Th...

CVE-2025-6765

CVE-2025-6765 affects Intelbras InControl 2.21.60.9, where the HTTP PUT Request Handler’s processing of the file at "/v1/operador/" can lead to permission issues. The vulnerability arises from how the endpoint handles PUT requests, enabling remote initiation with potential impact on permissions. ...

PT-2025-27146 · Intelbras · Intelbras Incontrol

Name of the Vulnerable Software and Affected Versions: Intelbras InControl version 2.21.60.9 Description: A critical issue has been found in the HTTP PUT Request Handler component, affecting the processing of the file "/v1/operador/". This leads to permission issues and can be initiated remotely...

CVE-2024-45842

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests...

CVE-2023-0587

A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory...

CVE-2022-22836

CoreFTP Server before 727 allows directory traversal for file creation by an authenticated attacker via ../ in an HTTP PUT request...

CVE-2020-8892

An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests...

CVE-2025-2259

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the...

CVE-2025-2259

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the...

CVE-2025-2258

In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A...

CVE-2025-2259 Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the...

CVE-2025-2259

The TALOS report confirms a concrete vulnerability: Eclipse ThreadX NetX Duo HTTP server PUT handling can trigger an integer underflow in _nx_web_http_server_put_process when Content-Length in the first packet is smaller than data in the second, potentially writing a very large file and causing d...

CVE-2025-2258 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow

In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A...

Tomcat Partial PUT Java Deserialization

This module exploits a Java deserialization vulnerability in Apache Tomcat's session restoration functionality that can be exploited with a partial HTTP PUT request to place an attacker controlled deserialization payload in the /webapps/ROOT/ directory. For the exploit to succeed, writes must be...

📄 Tomcat Partial PUT Java Deserialization

This Metasploit module exploits a Java deserialization vulnerability in Apache Tomcats session restoration functionality that can be exploited with a partial HTTP PUT request to place an attacker controlled deserialization payload in the tomcatrootdir/webapps/ROOT/ directory. For the exploit to...

CVE-2024-55570

/api/user/users in the web GUI for the Cubro EXA48200 network packet broker build 20231025055018 fixed in V5.0R14.5P4-V3.3R1 allows remote authenticated users of the application to increase their privileges by sending a single HTTP PUT request with rolename=Administrator, aka incorrect access...

CVE-2024-55570

/api/user/users in the web GUI for the Cubro EXA48200 network packet broker build 20231025055018 fixed in V5.0R14.5P4-V3.3R1 allows remote authenticated users of the application to increase their privileges by sending a single HTTP PUT request with rolename=Administrator, aka incorrect access...

CVE-2025-0728

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaroun...

CVE-2025-0728

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaroun...