CVE-2021-35326

A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows attackers to download the configuration file via sending a crafted HTTP request...

CVE-2021-31923

Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation...

CVE-2021-21928

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘macfilter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery...

CVE-2021-21937

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘hostaltfilter’ parameter. This can be done as any authenticated user or through cross-site request forgery...

CVE-2021-21919

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack...

CVE-2021-21927

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘locfilter’ parameter...

CVE-2021-21926

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘healthfilter’ parameter...

CVE-2021-21935

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘hostaltfilter2’ parameter. This can be done as any authenticated user or through cross-site request forgery...

CVE-2021-21895

A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2021-21874

A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2021-21873

A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2021-21887

A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2021-21872

An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2021-20021

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host...

CVE-2020-21884

Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery CSRF vulnerability in /tools/network-trace, /listusers, /listbyod?usertype=raduser, /dhcpleases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device...

CVE-2020-18070

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "dodel" method of the component "database.admincp.php"...

CVE-2020-27231

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this...

CVE-2020-11724

An issue was discovered in OpenResty before 1.15.8.4. ngxhttpluasubrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API...

CVE-2020-35884

An issue was discovered in the tinyhttp crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header...

CVE-2020-27386

An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code e.g., ASP code in the form of a safe file type e.g., a TXT file, and then using the FileEditor in v1.5.8...