CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

CVE-2024-23663

An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request...

Command injection

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15ACCC.3C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request...

CVE-2022-43391

A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15ACCC.3C0, which could allow an authenticated attacker to cause denial-of-service DoS conditions by sending a crafted HTTP request...

CVE-2022-27484

A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request...

Cross site request forgery (csrf)

IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request...

CVE-2019-16278

Directory Traversal in the function httpverify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request...

CVE-2018-1143

A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonkycommand.cgi...

CVE-2016-7472

F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service DoS via a crafted HTTP request...

CVE-2018-7048

CVE-2018-7048 affects Wowza Streaming Engine prior to 4.7.1. The issue is a denial-of-service caused by memory consumption triggered by a crafted HTTP request, with network-based attack vector and no authentication required per the available descriptions. The NVD entry documents a base score of 5...

CVE-2018-5319

RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request...

CVE-2015-8334

SQL injection vulnerability in the Operation and Maintenance Unit OMU in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request...

CVE-2014-0808

Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request...