16589 matches found
CVE-2024-38494
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...
CVE-2024-36455
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...
CVE-2024-38494
Broadcom Symantec Privileged Access Management (PAM) contains a vulnerability that, when exploited by a high-privileged authenticated PAM user, enables remote command execution on the affected PAM system via a specially crafted HTTP request. Affected component appears to be the PAM software itsel...
CVE-2024-38494 Symantec Privileged Access Manager Remote Command Execution vulnerability
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...
CVE-2024-36455 Symantec Privileged Access Manager Remote Command Execution vulnerability
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...
CVE-2024-36455
Broadcom Symantec Privileged Access Management is affected by CVE-2024-36455 through an input validation error that allows an unauthenticated attacker to achieve remote command execution by sending a specially crafted HTTP request. The exposed component is PAM, and the root cause is improper inpu...
Broadcom Symantec Privileged Access Management 安全漏洞
Broadcom Symantec Privileged Access Management Broadcom Symantec PAM is a security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...
ROS-20240715-01
Vulnerability of Apache Tomcat application server's implementation of rejectIllegalHeader attribute is associated with flaws in processing HTTP requests containing Content-Length header. Exploitation of the vulnerability could allow an attacker acting remotely to send a hidden HTTP request HTTP...
CVE-2016-15039
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajaxfunctions.js. The manipulation leads to http request smuggling. The attack can be...
CVE-2016-15039
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajaxfunctions.js. The manipulation leads to http request smuggling. The attack can be...
CVE-2016-15039
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajaxfunctions.js. The manipulation leads to http request smuggling. The attack can be...
CVE-2016-15039 mhuertos phpLDAPadmin ajax_functions.js makeHttpRequest request smuggling
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajaxfunctions.js. The manipulation leads to http request smuggling. The attack can be...
CVE-2016-15039 mhuertos phpLDAPadmin ajax_functions.js makeHttpRequest request smuggling
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajaxfunctions.js. The manipulation leads to http request smuggling. The attack can be...
CVE-2016-15039
CVE-2016-15039 affects mhuertos phpLDAPadmin up to commit 665dbc2690ebeb5392d38f1fece0a654225a0b38. The vulnerability targets the makeHttpRequest function in htdocs/js/ajax_functions.js and enables http request smuggling. Exploitation is remote. The project does not use versioning, and affected/u...
CVE-2016-15039
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajaxfunctions.js. The manipulation leads to http request smuggling. The attack can be...
CVE-2024-23663
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request...
CVE-2024-23663
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request...
CVE-2024-23663
CVE-2024-23663 describes an improper access-control flaw in Fortinet FortiExtender, allowing an attacker to create users with elevated privileges via a crafted HTTP request. Affected FortiExtender versions span 4.1.1–4.1.9, 4.2.0–4.2.6, 5.3.2, 7.0.0–7.0.4, 7.2.0–7.2.4, and 7.4.0–7.4.2. Public dis...
CVE-2024-23663
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request...
Security Bulletin: IBM DataPower Gateway vulnerable to HTTP request smuggling in Node.js (CVE-2024-27982)
Summary Node.js is used by IBM DataPower Gateway in the Gateway Director and UI components. Vulnerability Details CVEID:CVE-2024-27982 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the use of content length obfuscation in the http server. By sending specially crafted HTT...