CVE-2023-27638
CVE-2023-27638 concerns the PrestaShop module tshirtecommerce (Custom Product Designer) v2.1.4. The issue is an unauthenticated SQL injection via the parameter tshirtecommerce_design_cart_id, caused by insecure handling of this input in the functions hookActionCartSave and updateCust...
CVE-2022-45060
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce...
CVE-2020-14204
In WebFOCUS Business Intelligence 8.0 SP6, the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibiapps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes t...
Navigate CMS 2.8.7 Cross Site Request Forgery
Exploit Title: Navigate CMS 2.8.7 - Cross-Site Request Forgery Add Admin Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.8.7r1401.zip/download Version: 2.8.7 Teste...
CVE-2019-13584
The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request...