16590 matches found
CVE-2023-43491
An information disclosure vulnerability exists in the web interface /cgi-bin/debugdump.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this...
CVE-2023-45744
A data integrity vulnerability exists in the web interface /cgi-bin/uploadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2023-45209
An information disclosure vulnerability exists in the web interface /cgi-bin/downloadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger...
CVE-2023-39367
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-1135
An HTTP Request Smuggling vulnerability was found in Gunicorn. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly...
CVE-2023-45209
An information disclosure vulnerability exists in the web interface /cgi-bin/downloadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger...
CVE-2023-43491
An information disclosure vulnerability exists in the web interface /cgi-bin/debugdump.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this...
CVE-2023-43491
An information disclosure vulnerability exists in the web interface /cgi-bin/debugdump.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this...
CVE-2023-45209
An information disclosure vulnerability exists in the web interface /cgi-bin/downloadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger...
CVE-2023-45209
CVE-2023-45209 affects Peplink Smart Reader v1.2.0 (QEMU). The Red Hat advisory notes an information-disclosure vulnerability in the web interface at /cgi-bin/download_config.cgi. An unauthenticated HTTP request can disclose sensitive information. The documentation does not provide a remediation ...
CVE-2023-43491
The CVE-2023-43491 entry describes an information-disclosure vulnerability in the Peplink Smart Reader web interface, specifically the /cgi-bin/debug_dump.cgi functionality on version v1.2.0 (QEMU). The issue is triggered by a specially crafted unauthenticated HTTP request that can disclose sensi...
CVE-2023-45744
CVE-2023-45744 affects Peplink Smart Reader v1.2.0 (QEMU). The web interface feature /cgi-bin/upload_config.cgi is vulnerable: a specially crafted unauthenticated HTTP request can modify configuration, indicating a data integrity issue. Red Hat CVE entries (CVE-2023-45744 and related RH CVEs) con...
CVE-2023-45744
A data integrity vulnerability exists in the web interface /cgi-bin/uploadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2023-45744
A data integrity vulnerability exists in the web interface /cgi-bin/uploadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2023-39367
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2023-39367
The set of Red Hat CVEs describe multiple issues affecting Peplink Smart Reader v1.2.0 (in QEMU): CVE-2023-39367 is an OS command injection in the web interface mac2name, exploitable by authenticated HTTP requests to execute commands; CVE-2023-40146 is a privilege-escalation via /bin/login that c...
CVE-2023-39367
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Palo Alto OS Command Injection Vulnerability
Palo Alto OS was recently hit by a command injection zero day attack. These are exploitation details related to the zero day. CVE-2024-3400 CVE-2024-3400 Palo Alto OS Command Injection send this HTTP request: http POST /ssl-vpn/hipreport.esp HTTP/1.1 Host: 127.0.0.1 Cookie:...
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2024:1305-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1305-1 advisory. - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc12222...
SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2024:1307-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1307-1 advisory. Update to 18.20.1 Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could le...