CVE-2021-21929

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prodfilter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery...

CVE-2021-21804

A local file inclusion LFI vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability...

CVE-2021-41436

An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56UV2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 SeriesRT-AX86U/RT-AX86S, RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 TUF-AX5400, ASUS...

CVE-2021-27953

A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request...

CVE-2021-33687

SAP NetWeaver AS JAVA Enterprise Portal, versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information...

CVE-2021-22788

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...

CVE-2021-35397

A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of proper input validation for requested path. An attacker could exploit this vulnerability by...

CVE-2021-29296

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vctwan; the sbin/httpd would invoke the strchr function and take NULL as a first argument,...

CVE-2021-39509

An issue was discovered in D-Link DIR-816 DIR-816A2FWv1.10CNB05R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell...

CVE-2021-37200

A vulnerability has been identified in SINEC NMS All versions V1.0 SP1. An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request...

CVE-2021-36184

A improper neutralization of Special Elements used in an SQL Command 'SQL Injection' in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests...

CVE-2021-33822

An issue was discovered on 4GEE ROUTER HH70VB Version HH70E102.0022. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service...

CVE-2021-26827

Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service DoS by sending an HTTP request with a very long "ssid" parameter to the "/userRpm/popupSiteSurveyRpm.html" webpage, which crashes the router...

CVE-2021-25762

In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible...

CVE-2021-24015

An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests...

CVE-2021-21924

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘descfilter’ parameter...

CVE-2021-21918

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘namefilter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery...

CVE-2021-21921

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘namefilter’ parameter with the administrative account or through cross-site request forgery...

CVE-2021-21934

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imeifilter’ parameter. This can be done as any authenticated user or through cross-site request forgery...

CVE-2021-21923

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘companyfilter’ parameter with the administrative account or through cross-site request forgery...