16598 matches found
CVE-2024-11618
A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The explo...
CVE-2024-11618 IPC Unigy Management System HTTP Request server-side request forgery
A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The explo...
CVE-2024-11618 IPC Unigy Management System HTTP Request server-side request forgery
A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The explo...
CVE-2024-11618
Affects IPC Unigy Management System 04.03.00.08.0027; vulnerability in the HTTP Request Handler leading to server-side request forgery (SSRF). Exploitation can be remote and public details exist. The CVE describes a critical issue; multiple sources confirm remote exploitation with an exposed expl...
HTTP Request Smuggling
aiohttp is vulnerable to HTTP Request Smuggling. The vulnerability is due to incorrect parsing of newlines in chunk extensions via the feeddata function by which an attacker can bypass firewall or proxy protections by sending specially crafted requests...
Exploit for CVE-2024-9441
CVE-2024-9441-POC CVE-2024-9441 is a command injection vulner...
The vulnerability of the CLI command-line interface of the Fortinet FortiManager device management software, as well as the FortiAnalyzer and FortiAnalyzer-BigData security event monitoring and analysis tools, allows a malicious individual to read arbitrary files from the root file system.
The vulnerability of the CLI command-line interface of the Fortinet FortiManager device management software, as well as the FortiAnalyzer and FortiAnalyzer-BigData event monitoring and analysis tools, is related to an incorrect limitation on the path name to the restricted directory. Exploiting...
CVE-2024-8525 Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload
An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file...
CVE-2024-29224
An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-28892
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-28025
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-28026
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-28027
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-21786
An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-21855
A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-28892
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-28892
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-28892
CVE-2024-28892 : A command-injection flaw exists in the name parameter of GoCast 1.1.3 (github.com/mayuresh82/gocast). A specially crafted, unauthenticated HTTP request can cause arbitrary command execution on the server. Documented as a network‑proximate vulnerability with high impact across con...
CVE-2024-29224
An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-29224
An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...