16589 matches found

CVE
added 2024/10/30 1:35 p.m. · 56 views

CVE-2024-24777

CVE-2024-24777 is a CSRF vulnerability in the web application of the LevelOne WBR-6012 router with firmware R0.40e6. The web application does not enforce origin checks, allowing attackers to induce unauthorized actions via a crafted HTTP request from a malicious page. Talos c...

CVSS 8.8 · AI score 6.9 · EPSS 0.07028
Exploits: 1 · References: 2 · Affected Software: 1
CVE
added 2024/10/30 1:35 p.m. · 49 views

CVE-2024-33626

CVE-2024-33626 affects LevelOne WBR-6012. Cisco TALOS confirms a web application information-disclosure vulnerability that exposes the WiFi WPS PIN via a hidden page accessible over HTTP. Confirmed vulnerable version: LevelOne WBR-6012 R0.40e6. Exploitation could enable an attacker to connect to ...

CVSS 5.3 · AI score 6.5 · EPSS 0.00406
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2024/10/30 1:35 p.m. · 52 views

CVE-2024-33623

CVE-2024-33623 affects LevelOne WBR-6012 router (R0.40e6). Talos notes an unauthenticated HTTP POST to /upg or /upg/fwug can trigger a crash/reboot due to improper handling of POST data (looping until a carriage return). The vulnerability resides in the web application, with exploitation leading ...

CVSS 7.5 · AI score 6.8 · EPSS 0.11434
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2024/10/30 1:35 p.m. · 14 views

CVE-2024-33623

A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 3.7 · AI score 6.8 · EPSS 0.11434
Exploits: 1 · References: 1
Cvelist
added 2024/10/30 1:35 p.m. · 17 views

CVE-2024-33623

A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 3.7 · EPSS 0.11434
Exploits: 1 · References: 1
Talos
added 2024/10/30 12:0 a.m. · 18 views

LevelOne WBR-6012 Web Application denial of service vulnerability

Talos Vulnerability Report TALOS-2024-2001: LevelOne WBR-6012 Web Application denial of service vulnerability. October 30, 2024. CVE Number: CVE-2024-33623. Summary: A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP...

CVSS 7.5 · AI score 5.4 · EPSS 0.11434
Exploits: 1
Talos
added 2024/10/30 12:0 a.m. · 22 views

LevelOne WBR-6012 Web Application cross-site request forgery (CSRF) vulnerability

Talos Vulnerability Report TALOS-2024-1981: LevelOne WBR-6012 Web Application cross-site request forgery (CSRF) vulnerability. October 30, 2024. CVE Number: CVE-2024-24777. Summary: A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e...

CVSS 8.8 · AI score 9.2 · EPSS 0.07028
Exploits: 1
Talos
added 2024/10/30 12:0 a.m. · 21 views

LevelOne WBR-6012 Web Application information disclosure vulnerability

Talos Vulnerability Report TALOS-2024-1986: LevelOne WBR-6012 Web Application information disclosure vulnerability. October 30, 2024. CVE Number: CVE-2024-33626. Summary: The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive...

CVSS 5.3 · AI score 5.2 · EPSS 0.00406
Exploits: 0
OSV
added 2024/10/28 9:30 p.m. · 3 views

GHSA-25PW-Q952-X37G Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references. Original Description An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via...

CVSS 9.8 · AI score 9.6 · EPSS 0.16513
Exploits: 4 · References: 4
GitHub Security Blog
added 2024/10/28 9:30 p.m. · 16 views

Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references. Original Description An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via...

CVSS 9.8 · AI score 7.9 · EPSS 0.16513
Exploits: 4 · References: 5 · Affected Software: 1
OSV
added 2024/10/28 8:15 p.m. · 4 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

CVSS 9.8 · AI score 6.1 · EPSS 0.16513
Exploits: 4 · References: 3
NVD
added 2024/10/28 8:15 p.m. · 14 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

CVSS 9.8 · EPSS 0.16513
Exploits: 4 · References: 3
Cvelist
added 2024/10/28 12:0 a.m. · 26 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

EPSS 0.16513
Exploits: 4 · References: 3
CVE
added 2024/10/28 12:0 a.m. · 139 views

CVE-2024-39205

CVE-2024-39205 affects pyload-ng (v0.5.0b3.dev85 and earlier) on Python 3.11 or below, exposing remote code execution via the /flash/addcrypted2 API. The root cause is the js2py sandbox escape (CVE-2024-28397) leveraged to bypass localhost access and run arbitrary commands on the host. Public dis...

CVSS 9.8 · AI score 8 · EPSS 0.16513
Exploits: 4 · References: 3
Vulnrichment
added 2024/10/28 12:0 a.m. · 21 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

AI score 7.8 · EPSS 0.16513
Exploits: 4 · References: 3
Positive Technologies
added 2024/10/28 12:0 a.m. · 3 views

PT-2025-16022 · IBM · IBM QRadar WinCollect Agent

Name of the Vulnerable Software and Affected Versions: IBM QRadar WinCollect Agent versions 10.0 through 10.1.13 Description: The issue allows a remote attacker to cause a denial of service by interrupting an HTTP request, which could consume memory resources. Recommendations: For versions 10.0...

CVSS 6.5 · AI score 6.5 · EPSS 0.0033
Exploits: 0 · References: 7
OpenVAS
added 2024/10/28 12:0 a.m. · 14 views

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-2696)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.1 · AI score 6.8 · EPSS 0.01207
Exploits: 1 · References: 2
Tenable Nessus
added 2024/10/27 12:0 a.m. · 15 views

EulerOS Virtualization 2.12.0 : python-pip (EulerOS-SA-2024-2778)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTT...

CVSS 8.1 · AI score 6.6 · EPSS 0.01207
Exploits: 1 · References: 4
Tenable Nessus
added 2024/10/26 12:0 a.m. · 9 views

Fortinet FortiWeb OS command injection (FG-IR-21-120)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-120 advisory. - Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interfa...

CVSS 8.8 · AI score 8.3 · EPSS 0.01073
Exploits: 0 · References: 2
Debian
added 2024/10/25 6:12 p.m. · 24 views

[SECURITY] [DSA 5797-1] twisted security update

Debian Security Advisory DSA-5797-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2024 https://www.debian.org/security/faq...

CVSS 8.3 · AI score 7.3 · EPSS 0.01109
Exploits: 1