16600 matches found
GHSA-25PW-Q952-X37G Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references. Original Description An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via...
CVE-2024-39205
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...
CVE-2024-39205
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...
CVE-2024-39205
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...
CVE-2024-39205
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...
CVE-2024-39205
CVE-2024-39205 affects pyload-ng (v0.5.0b3.dev85 and earlier) on Python 3.11 or below, exposing remote code execution via the /flash/addcrypted2 API. The root cause is the js2py sandbox escape (CVE-2024-28397) leveraged to bypass localhost access and run arbitrary commands on the host. Public dis...
PT-2025-16022 · Ibm · Ibm Qradar Wincollect Agent
Name of the Vulnerable Software and Affected Versions: IBM QRadar WinCollect Agent versions 10.0 through 10.1.13 Description: The issue allows a remote attacker to cause a denial of service by interrupting an HTTP request, which could consume memory resources. Recommendations: For versions 10.0...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-2696)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.12.0 : python-pip (EulerOS-SA-2024-2778)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTT...
Fortinet FortiWeb OS command injection (FG-IR-21-120)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-120 advisory. - Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interfa...
[SECURITY] [DSA 5797-1] twisted security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5797-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2024 https://www.debian.org/security/faq -...
CVE-2024-10381 Authentication Bypass Vulnerability in Matrix Door Controller
This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device. Successful...
CVE-2024-10381 Authentication Bypass Vulnerability in Matrix Door Controller
This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device. Successful...
CVE-2024-10381
CVE-2024-10381 affects Matrix Door Controller Cosec Vega FAXQ, where the web-based management interface has an improper session-management implementation. A remote attacker can send specially crafted HTTP requests to the vulnerable device, potentially gaining unauthorized access and full control....
CVE-2024-47801
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...
CVE-2024-47549
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...
CVE-2024-47549
CVE-2024-47549 affects Sharp and Toshiba Tec MFPs. The issue stems from improper processing of query parameters in HTTP requests, which can contaminate unintended data into HTTP response headers. Accessing a crafted URL targeting an affected product may cause malicious script execution in the web...
CVE-2024-43424
Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...
CVE-2024-43424
CVE-2024-43424 affects Sharp and Toshiba Tec MFPs. The vulnerability arises from improper processing of HTTP request headers, leading to an out-of-bounds read. This can cause crafted HTTP requests to crash affected products. Documents indicate remediation via firmware updates from the vendors, an...
CVE-2024-43424
Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...