16601 matches found
CVE-2024-7954
The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...
K000140787: Gunicorn vulnerability CVE-2024-1135
Security Advisory Description Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This iss...
Spring Framework < 5.3.39 / 6.0.x < 6.0.23 / 6.1.x < 6.1.12 HTTP Request DoS (CVE-2024-38809)
The remote host contains a Spring Framework version prior to 5.3.39, 6.0.x prior to 6.0.23, or 6.1.x prior to 6.1.12. It is, therefore, affected by an HTTP Request DoS vulnerability: - Applications that parse ETags from 'If-Match' or 'If-None-Match' request headers are vulnerable to DoS attack...
Security Bulletin: IBM Concert Software is vulnerable to multiple issues
Summary IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2015-5739 DESCRIPTION: Go is vulnerable to HTTP request smuggling, caused by a flaw in net/http library in net/textproto/reader.go. By sendin...
Server Side Request Forgery (SSRF)
ckan is vulnerable to Server Side Request Forgery SSRF. The vulnerability is caused due to CKAN plugins like XLoader, DataPusher, Resource proxy and ckanext-archiver not validating the resource URLs while making HTTP request to access the remote resources. This can lead to a malicious or unaware...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2270)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Event Registration and Attendance System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Event Registration and Attendance System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...
GO-2023-1707 HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation in github.com/hashicorp/nomad
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation in github.com/hashicorp/nomad...
OESA-2024-1986 python-twisted security update
Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1...
Tenda FH1206 Command Execution Vulnerability
Tenda FH1206 is a dual-band wireless router from Tenda, designed for large homes with fiber optics. The Tenda FH1206 suffers from a command execution vulnerability that originates from an arbitrary command execution vulnerability contained in the handler parameter of the /goform/telnet file, whic...
ROS-20240816-03
Vulnerability of HTTP Daemon is related to inconsistent interpreting of HTTP requests when processing 'Content-Length' string values. when processing 'Content-Length' string values. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate their privileges by sending...
ROS-20240816-16
A vulnerability in the opensslprivatedecrypt function of the PKCS1 Padding Handler component of the PHP programming language interpreter is related to the use of a version of OpenSSL that incorporates changes from the request. PHP programming language interpreter is related to the use of a versio...
CVE-2024-42978
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request...
CVE-2024-42947
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 408 allows attackers to execute arbitrary commands via a crafted HTTP request...
CVE-2024-42947
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 408 allows attackers to execute arbitrary commands via a crafted HTTP request...
CVE-2024-42978
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request...
CVE-2024-42978
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request...
CVE-2024-42947
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 408 allows attackers to execute arbitrary commands via a crafted HTTP request...
CVE-2024-42978
CVE-2024-42978 affects the Tenda FH1206 router (version v02.03.01.35). The vulnerability lies in the handler function for /goform/telnet, where insufficient input sanitization allows remote attackers to execute arbitrary commands via a crafted HTTP request. CVSS v3.1 base score 9.8 (CRITICAL) wit...
CVE-2024-42947
The CVE-2024-42947 entry concerns Tenda FH1201 v1.2.0.14. A vulnerability in the /goform/telnet handler allows an attacker to execute arbitrary commands through a crafted HTTP request, enabling remote command execution with network access. This is evidenced by several connected sources referencin...