
16598 matches found

NVD
added 2024/11/22 7:15 p.m. | 10 views

CVE-2024-11618

A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The explo...

CVSS 7.5 | EPSS 0.00577
Exploits: 0 | References: 4

Vulnrichment
added 2024/11/22 7:0 p.m. | 14 views

CVE-2024-11618 IPC Unigy Management System HTTP Request server-side request forgery

A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The explo...

CVSS 7.5 | AI score 7.3 | EPSS 0.00577
Exploits: 0 | References: 4

Cvelist
added 2024/11/22 7:0 p.m. | 17 views

CVE-2024-11618 IPC Unigy Management System HTTP Request server-side request forgery

A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The explo...

CVSS 7.5 | EPSS 0.00577
Exploits: 0 | References: 4

CVE
added 2024/11/22 7:0 p.m. | 58 views

CVE-2024-11618

Affects IPC Unigy Management System 04.03.00.08.0027; vulnerability in the HTTP Request Handler leading to server-side request forgery (SSRF). Exploitation can be remote and public details exist. The CVE describes a critical issue; multiple sources confirm remote exploitation with an exposed expl...

CVSS 7.5 | AI score 7.3 | EPSS 0.00577
Exploits: 0 | References: 4

Veracode
added 2024/11/22 5:59 a.m. | 5 views

HTTP Request Smuggling

aiohttp is vulnerable to HTTP Request Smuggling. The vulnerability is due to incorrect parsing of newlines in chunk extensions via the feeddata function by which an attacker can bypass firewall or proxy protections by sending specially crafted requests...

CVSS 7.5 | AI score 6.2 | EPSS 0.00576
Exploits: 0 | References: 4 | Affected Software: 1

GithubExploit
added 2024/11/22 2:4 a.m. | 325 views

Exploit for CVE-2024-9441

CVE-2024-9441-POC CVE-2024-9441 is a command injection vulner...

CVSS 10 | AI score 8.2 | EPSS 0.97136
Exploits: 18

BDU FSTEC
added 2024/11/22 12:0 a.m. | 5 views

The vulnerability of the CLI command-line interface of the Fortinet FortiManager device management software, as well as the FortiAnalyzer and FortiAnalyzer-BigData security event monitoring and analysis tools, allows a malicious individual to read arbitrary files from the root file system.

The vulnerability of the CLI command-line interface of the Fortinet FortiManager device management software, as well as the FortiAnalyzer and FortiAnalyzer-BigData event monitoring and analysis tools, is related to an incorrect limitation on the path name to the restricted directory. Exploiting...

CVSS 6.8 | AI score 5.6 | EPSS 0.00838
Exploits: 0 | References: 3 | Affected Software: 3

Vulnrichment
added 2024/11/21 3:32 p.m. | 15 views

CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...

CVSS 10 | AI score 7.2 | EPSS 0.0143
Exploits: 0 | References: 2

NVD
added 2024/11/21 3:15 p.m. | 22 views

CVE-2024-29224

An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVSS 9.8 | EPSS 0.06292
Exploits: 0 | References: 2

NVD
added 2024/11/21 3:15 p.m. | 31 views

CVE-2024-28892

An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVSS 9.8 | EPSS 0.06445
Exploits: 0 | References: 2

NVD
added 2024/11/21 3:15 p.m. | 12 views

CVE-2024-28025

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVSS 7.2 | EPSS 0.07504
Exploits: 1 | References: 2

NVD
added 2024/11/21 3:15 p.m. | 19 views

CVE-2024-28026

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVSS 7.2 | EPSS 0.05838
Exploits: 1 | References: 2

NVD
added 2024/11/21 3:15 p.m. | 12 views

CVE-2024-28027

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVSS 7.2 | EPSS 0.07504
Exploits: 1 | References: 2

NVD
added 2024/11/21 3:15 p.m. | 26 views

CVE-2024-21786

An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 7.2 | EPSS 0.10514
Exploits: 1 | References: 2

NVD
added 2024/11/21 3:15 p.m. | 20 views

CVE-2024-21855

A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVSS 9.8 | EPSS 0.02036
Exploits: 0 | References: 2

Cvelist
added 2024/11/21 2:41 p.m. | 35 views

CVE-2024-28892

An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVSS 9.8 | EPSS 0.06445
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/21 2:41 p.m. | 15 views

CVE-2024-28892

An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVSS 9.8 | AI score 7.7 | EPSS 0.06445
Exploits: 0 | References: 1

CVE
added 2024/11/21 2:41 p.m. | 77 views

CVE-2024-28892

CVE-2024-28892 : A command-injection flaw exists in the name parameter of GoCast 1.1.3 (github.com/mayuresh82/gocast). A specially crafted, unauthenticated HTTP request can cause arbitrary command execution on the server. Documented as a network‑proximate vulnerability with high impact across con...

CVSS 9.8 | AI score 9.8 | EPSS 0.06445
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/11/21 2:41 p.m. | 18 views

CVE-2024-29224

An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVSS 9.8 | AI score 7.7 | EPSS 0.06292
Exploits: 0 | References: 1

Cvelist
added 2024/11/21 2:41 p.m. | 37 views

CVE-2024-29224

An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVSS 9.8 | EPSS 0.06292
Exploits: 0 | References: 1