28 matches found
CVE-2022-28771
Due to a missing authentication check, SAP Business One License service API - version 10.0 allows an unauthenticated attacker to send malicious HTTP requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible...
CVE-2018-14520
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages...
CVE-2024-38819
CVE-2024-38819 affects Spring Framework’s RouterFunctions-based static resource handling (WebMvc.fn/WebFlux.fn). A path traversal flaw arises when an application serves static resources via FileSystemResource locations, enabling an attacker to craft HTTP requests that read files on the server fil...
Privilege Escalation
WWBN AVideo is vulnerable to Privilege Escalation. The vulnerability is due to improper salt generation functionality within the application. An attacker can exploit this issue by crafting malicious HTTP requests, leading to the recovery of the admin password...
CVE-2023-30612 Malicious HTTP requests could close arbitrary open file descriptors in cloud-hypervisor
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process by sending a malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...
GHSA-H3W2-QG2R-C7MF Kirby CMS 2.5.12 Cross-site Scripting
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages...
Kirby CMS 2.5.12 Cross-site Scripting
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages...
Code injection
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages...
PT-2022-8036 · Kirby · Kirby
Name of the Vulnerable Software and Affected Versions: Kirby version 2.5.12 Description: The issue allows malicious HTTP requests to be sent, which can trick a user into adding web pages. Recommendations: For Kirby version 2.5.12, at the moment, there is no information about a newer version that...
CVE-2021-34821
A Cross-Site Scripting (XSS) vulnerability exists in AAT Novus Management System through 1.51.2. The WebUI implements HTTP 404 error handling incorrectly. A remote, unauthenticated attacker may be able to exploit the issue by sending malicious HTTP requests to non-existing URIs. The value of the URL...
OFCMS v1.1.4 backend arbitrary file read vulnerability
OFCMS is a content management system developed with Java technology. OFCMS v1.1.4 has an arbitrary file read vulnerability in its backend. The vulnerability stems from the program's failure to properly validate user data; remote attackers can use the vulnerability to read the...
Buffer Overflow Vulnerability in Cisco RV110W Products (CNVD-2021-05422)
The Cisco RV110W Wireless-N VPN Firewall is an enterprise-class router from Cisco USA. The Cisco RV110W product suffers from a buffer overflow vulnerability that originates from a program's failure to properly validate user data, which can be exploited by a remote attacker to execute arbitrary co...
Buffer Overflow Vulnerability in Cisco RV110W Products (CNVD-2021-05420)
The Cisco RV110W Wireless-N VPN Firewall is an enterprise-class router from Cisco USA. The Cisco RV110W product suffers from a buffer overflow vulnerability that originates from a program's failure to properly validate user data, which can be exploited by a remote attacker to execute arbitrary co...
Buffer Overflow Vulnerability in Cisco RV110W Products (CNVD-2021-05417)
The Cisco RV110W Wireless-N VPN Firewall is an enterprise-class router from Cisco USA. The Cisco RV110W product suffers from a buffer overflow vulnerability that originates from a program's failure to properly validate user data, which can be exploited by a remote attacker to execute arbitrary co...
Buffer Overflow Vulnerability in Cisco RV110W Products (CNVD-2021-05415)
The Cisco RV110W Wireless-N VPN Firewall is an enterprise-class router from Cisco USA. The Cisco RV110W product suffers from a buffer overflow vulnerability that originates from a program's failure to properly validate user data, which can be exploited by a remote attacker to execute arbitrary co...
Cross-site request forgery (CSRF)
The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version...