16601 matches found
CVE-2023-30258
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request...
CVE-2023-30258
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request...
F5 Networks BIG-IP : Apache vulnerability (K26314875)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.3 / 16.1.4.2 / 17.1.1.1. It is, therefore, affected by a vulnerability as referenced in the K26314875 advisory. Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of...
CVE-2023-30258
CVE-2023-30258 affects MagnusBilling magnusbilling 6.x and 7.x with an unauthenticated remote command injection in lib/icepay/icepay.php via the democ parameter. An attacker can craft a request to run arbitrary OS commands, enabling full system compromise as indicated by connected templates and e...
Zyxel Multiple NAS Devices Command Injection Vulnerability
Multiple Zyxel network-attached storage NAS devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request...
ROS-20230621-04
A vulnerability in the curl program is related to incorrect certificate validation when matching wildcards in TLS certificates for IDNs. wildcards in TLS certificates for IDNs. Exploitation of the vulnerability could allow an attacker acting remotely to create a specially crafted certificate that...
@backstage/plugin-scaffolder-backend (>=0.0.0-nightly-2021712211 <=0.15.24-next.0), @backstage/plugin-scaffolder-backend-module-confluence-to-markdown (>=0.0.0-nightly-20230325022054 <=0.0.0-nightly-20230801022410) +8 more potentially affected by CVE-2023-35926 via @backstage/plugin-scaffolder-backend (>=0.0.0-nightly-20220708025041 <=0.18.0)
@backstage/plugin-scaffolder-backend NPM version =0.0.0-nightly-20220708025041, =0.0.0-nightly-2021712211, =0.0.0-nightly-20230325022054, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-20230112022659, =0.0.0-nightly-2022122206, =1.0.8, =1.0.0, =1.0.0, =2.2.0 -...
Security Bulletin: IBM Storage Protect Server is vulnerable to various attacks due to Eclipse jetty
Summary Jetty is used by the IBM Storage Protect Server and may be vulnerable to these attacks. Vulnerability Details CVEID:CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of...
Security Bulletin: Vulnerabilities in Node.js, XStream, Linux kernel can affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, XStream, and Linux kernel. Vulnerabilities include causing a denial of service condition and HTTP request smuggling, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have been...
Internet Bug Bounty: HTTP Request Smuggling via Empty headers separated by CR
The llhttp parser in the Node.js http module did not strictly use the CRLF sequence to delimit HTTP requests, which allowed for HTTP Request Smuggling HRS. This vulnerability affected all active versions of Node.js...
Security Bulletin: Vulnerability in Apache HTTP Server ( CVE-2023-25690 ) affects Power HMC
Summary Apache HTTP Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE's. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when modproxy is enabled along with...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2022-36760 and CVE-2022-37436 ) affects Power HMC
Summary Apache HTTP Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE's. Vulnerability Details CVEID:CVE-2022-36760 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent interpretation of HTTP Requests...
PT-2023-4497 · Node.Js +8 · Node.Js +8
Name of the Vulnerable Software and Affected Versions: Node.js versions v16 through v20 Description: The issue is related to the llhttp parser in the http module, which does not strictly use the CRLF sequence to delimit HTTP requests, leading to HTTP Request Smuggling HRS. The CR character withou...
CVE-2023-27992
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21AAZF.14C0, NAS540 firmware versions prior to V5.21AATB.11C0, and NAS542 firmware versions prior to V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS...
CVE-2023-27992
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21AAZF.14C0, NAS540 firmware versions prior to V5.21AATB.11C0, and NAS542 firmware versions prior to V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS...
Command injection
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21AAZF.14C0, NAS540 firmware versions prior to V5.21AATB.11C0, and NAS542 firmware versions prior to V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS...
CVE-2023-27992
CVE-2023-27992 affects Zyxel NAS326 (firmware before V5.21(AAZF.14)C0), NAS540 (before V5.21(AATB.11)C0), and NAS542 (before V5.21(ABAG.11)C0). It is a pre-authentication command-injection vulnerability allowing an unauthenticated attacker to remotely execute OS commands via crafted HTTP requests...
CVE-2023-27992
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21AAZF.14C0, NAS540 firmware versions prior to V5.21AATB.11C0, and NAS542 firmware versions prior to V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS...
CVE-2023-27992
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21AAZF.14C0, NAS540 firmware versions prior to V5.21AATB.11C0, and NAS542 firmware versions prior to V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS...
CVE-2023-23841
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data...