16582 matches found
CVE-2021-21874
A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21873
A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21887
A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21872
An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-20021
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host...
CVE-2020-21884
Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /listusers, /listbyod?usertype=raduser, /dhcpleases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device...
CVE-2020-18070
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "dodel" method of the component "database.admincp.php"...
CVE-2020-27231
A number of exploitable SQL injection vulnerabilities exist in the ‘patientslist.do’ page of the OpenClinic GA 5.173.3 application. The findDistrict parameter in the ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this...
CVE-2020-11724
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API...
CVE-2020-35884
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP request smuggling can occur via a malformed Transfer-Encoding header...
CVE-2020-27386
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor in v1.5.8...
CVE-2020-6145
An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2020-6126
SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The courseperiodid parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities...
CVE-2020-6125
An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2020-6114
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a). A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...
CVE-2020-6090
An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.1015. A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this...
CVE-2020-27245
An exploitable SQL injection vulnerability exists in the ‘listImmoLabels.jsp’ page of the OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this...
CVE-2020-17564
Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the "Admin/DataAction.class.php" component...
CVE-2020-35863
An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface...
CVE-2020-13913
An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c,...