EUVD-2021-10765

Malware in sbrugna...

EUVD-2016-8868

Malware in sbrugna...

EUVD-2023-51567

Malicious code in bioql PyPI...

CVE-2024-4817

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manageuser.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of resourc...

CVE-2024-4817 Campcodes Online Laundry Management System HTTP Request Parameter manage_user.php resource injection

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manageuser.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of resourc...

CVE-2020-7270

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense ATD prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deploy...

CVE-2020-7269

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense ATD prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deploy...

CVE-2020-7269 Sensitive Information Exposure in McAfee ATD

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense ATD prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deploy...

CVE-2021-27113

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters...

CVE-2021-26810

D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dirsetWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser paramet...

Cross site scripting

An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefssmtppsw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input sanitization. Th...

CVE-2021-23836

An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefssmtppsw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input sanitization. Th...

CVE-2020-7262 Improper Access Control vulnerability in ATD

Improper Access Control vulnerability in McAfee Advanced Threat Defense ATD prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter...

CVE-2020-8427

In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass...

Input validation

Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter...

CVE-2019-3581 McAfee Web Gateway denial of service attack due to Improper Input Validation

Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter...

CVE-2018-12469

Incorrect handling of an invalid value for an HTTP request parameter by Directory Server aka Enterprise Server Administration web UI in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer...

Command injection

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked...

CVE-2018-17063

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters...

CVE-2018-17064

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked...