CVE-2024-5560
CVE-2024-5560 affects Schneider Electric Sage RTUs, with an out-of-bounds read in the web interface that could cause DoS when a specially crafted HTTP request is sent. Multiple connected sources describe the issue as a vulnerability in the Sage RTU/web interface, linked to CWE-125 (Out-of-bounds ...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.59 bug fix and security update
Red Hat OpenShift Container Platform release 4.12.59 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...
CVE-2024-36360
OS command injection vulnerability exists in awkblog v0.0.1 commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552 and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the...
TOTOLINK AC1200 security vulnerability
TOTOLINK AC1200 is a dual-band Wi-Fi router from China's Gion Electronics TOTOLINK. The TOTOLINK AC1200 suffers from a buffer overflow vulnerability that originates from the cgi function setNoticeCfg in /lib/cstemodules/system.so that does not check the length of the user input string NoticeUrl,...
Security Bulletin: Vulnerable netty classes from couchdb affecting IBM Knowledge Catalog for IBM Cloud Pak for Data
Summary There are vulnerabilities in netty classes from couchdb clouseau jar file included in IBM Knowledge Catalog. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafte...
CVE-2024-35305
Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through 777...
CVE-2024-35306
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through 777...
CVE-2024-35306 OS Command injection in Ajax PHP files through HTTP Request
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through 777...
CVE-2024-35306
CVE-2024-35306 describes an OS command injection in Pandora FMS’ Ajax PHP files via HTTP requests, affecting Pandora FMS versions 700–776 (up to but not including 777). Root cause is insufficient sanitization of input variables, enabling an attacker to execute system commands. Impact is potential...
CVE-2024-35305 Unauth Time-Based SQL Injection via API
Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through 777...
CVE-2024-35305
CVE-2024-35305 concerns an unauthenticated Time-Based SQL Injection in Pandora FMS API exploitable via the HTTP Authorization header. Affected versions are 700 to 776; exploitation can leak or access sensitive data, with high impact to confidentiality, integrity, and availability as reflected in ...
Exploit for OS Command Injection in Php
PHP RCE PoC CVE-2024-4577: Argument Injection in PHP-CGI...
PT-2024-35360
Name of the Vulnerable Software and Affected Versions: GNOME libsoup versions prior to 3.6.0 Description: The issue allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored. For example, a "Transfer-Encoding\0: chunked" header is treated th...
GHSA-FQ4P-86HH-42V9 Zend-Diactoros URL Rewrite vulnerability
zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
Zend-Feed URL Rewrite vulnerability
zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
Zend-HTTP URL Rewrite vulnerability
zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
Exploit for OS Command Injection in Php
CVE-2024-4577, Argument Injection in PHP-CGI ./CVE-2024-45...
Security Bulletin: IBM Maximo Application Suite uses gunicorn-21.2.0-py3-none-any.whl which is vulnerable to CVE-2024-1135.
Summary IBM Maximo Application Suite uses gunicorn-21.2.0-py3-none-any.whl which is vulnerable to CVE-2024-1135. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling,...