159 matches found
CVE-2024-46898
SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests...
CVE-2024-39299
A buffer overflow vulnerability exists in the qos.cgi qosstasettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-53582
CVE-2024-53582 affects OpenPanel v0.3.4, where the Copy and View functions in the File Manager are vulnerable to directory traversal via crafted HTTP requests. The root cause is a directory traversal flaw in the File Manager’s Copy and View endpoints, enabling an attacker to access filesystem pat...
CVE-2024-39608
A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability...
CVE-2024-38666
An external config control vulnerability exists in the openvpn.cgi openvpnclientsetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-21797
A command execution vulnerability exists in the adm.cgi setTR069 functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39764
Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39762
CVE-2024-39762 affects the Wavlink AC3000 (M33A8.V5030.210505). The vulnerability resides in the internet.cgi set_add_routing() function, specifically the netmask parameter, where input is fed into a shell command via popen without input filtering, allowing OS command injection after an authentic...
CVE-2024-34544
A command injection vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39790
Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration...
CVE-2024-39786
The provided connected docs confirm CVE-2024-39786 affects Wavlink AC3000 NAS via nas.cgi add_dir(), specifically the adddir_name parameter. TALOS details show a directory traversal vulnerability allowing an attacker to supply a crafted adddir_name (e.g., using multiple ../ sequences) to manipula...
Wavlink AC3000 testsave.sh Information Disclosure vulnerability
Talos Vulnerability Report TALOS-2024-2035 Wavlink AC3000 testsave.sh Information Disclosure vulnerability January 14, 2025 CVE Number CVE-2024-39773 SUMMARY An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted...
CVE-2024-12840
Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. The problem described was inteded behavior and therefore not a bug...
ROS-20240816-16
A vulnerability in the opensslprivatedecrypt function of the PKCS1 Padding Handler component of the PHP programming language interpreter is related to the use of a version of OpenSSL that incorporates changes from the request. PHP programming language interpreter is related to the use of a versio...
CVE-2023-40547 Shim: rce in http boot support may lead to secure boot bypass
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...
Fortinet FortiOS and FortiProxy Denial of Service Vulnerabilities
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. FortiProxy is a web proxy soluti...
PT-2023-17399 · Dassault Systèmes · Simulia 3Dorchestrate
Name of the Vulnerable Software and Affected Versions: SIMULIA 3DOrchestrate versions 3DEXPERIENCE R2021x through 3DEXPERIENCE R2023x Description: An OS Command Injection issue exists, allowing arbitrary command execution through a specially crafted HTTP request. Recommendations: For SIMULIA...
PT-2023-5077 · Milesight · Milesight Ur32L
Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: Multiple buffer overflow vulnerabilities exist in the vtysh ubus binary due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An...
PT-2023-2828 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine ISE affected versions not specified Description: The issue is related to multiple vulnerabilities in the Cisco Identity Services Engine ISE that could allow an authenticated attacker to delete or read arbitrary...
CVE-2023-27638
An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommercedesigncartid GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and...