CVE-2024-42978
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request...
CVE-2024-42947
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 408 allows attackers to execute arbitrary commands via a crafted HTTP request...
CVE-2024-42978
CVE-2024-42978 affects the Tenda FH1206 router (version v02.03.01.35). The vulnerability lies in the handler function for /goform/telnet, where insufficient input sanitization allows remote attackers to execute arbitrary commands via a crafted HTTP request. CVSS v3.1 base score 9.8 (CRITICAL) wit...
CVE-2024-42947
The CVE-2024-42947 entry concerns Tenda FH1201 v1.2.0.14. A vulnerability in the /goform/telnet handler allows an attacker to execute arbitrary commands through a crafted HTTP request, enabling remote command execution with network access. This is evidenced by several connected sources referencin...
CVE-2024-42353 WebOb's location header normalization during redirect leads to open redirect
WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the...
SUSE SLES15 / openSUSE 15 Security Update : python-gunicorn (SUSE-SU-2024:2881-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2881-1 advisory. - CVE-2024-1135: Fixed HTTP Request Smuggling due to improperly validated Transfer-Encoding headers (bsc1222950) Tenable has...
SUSE-SU-2024:2881-1 Security update for python-gunicorn
This update for python-gunicorn fixes the following issues: - CVE-2024-1135: Fixed HTTP Request Smuggling due to improperly validated Transfer-Encoding headers (bsc1222950)...
CVE-2024-39815
An improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to...
CVE-2024-37826
A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...
Computer And Mobile Repair Shop Management System 1.0 Cross Site Request Forgery
Title: Computer and Mobile Repair Shop Management System v1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser :...
PT-2024-6830 · Sap · Sap Crm Abap
Name of the Vulnerable Software and Affected Versions: SAP CRM ABAP (affected versions not specified). Description: The issue is related to insufficient checking of incoming HTTP requests in the Insights Management component of the SAP CRM ABAP integration module. This can allow a remote attacker to...
CVE-2024-37826
CVE-2024-37826 describes a NULL pointer dereference in vercot Serva v4.6.0 that can cause a Denial of Service (DoS) via a crafted HTTP request. Public sources (NVD, CVE listing, Red Hat, CNNVD, CVE database) corroborate the same issue. According to the available data, the attack vector is NETWORK...
PT-2024-27769 · Vercot · Serva
Name of the Vulnerable Software and Affected Versions: vercot Serva version 4.6.0. Description: A NULL pointer dereference in vercot Serva allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Recommendations: For version 4.6.0, consider disabling the HTTP request handling...
CVE-2024-39815
CVE-2024-39815 affects Vonets industrial WiFi bridge relays and WiFi bridge repeaters (versions 3.3.23.6.9 and prior). Root cause: improper check/handling of exceptional conditions enabling an unauthenticated remote attacker to crash the service via a specially crafted HTTP request to pre-authent...