1594 matches found

Positive Technologies
added 2024/06/03 12:0 a.m. · 2 views

PT-2024-3954 · Fortinet · Fortiwebmanager

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWebManager versions 6.0.2, 6.2.3 through 6.2.4, 6.3.0, 7.0.0 through 7.0.4, and 7.2.0
Description: The issue is related to an improper authorization in the HTTP Request Handler component of Fortinet FortiWebManager, which can be...

CVSS 9 · AI score 7.8 · EPSS 0.00512
Exploits 0 · References 10

NVD
added 2024/05/28 2:15 p.m. · 10 views

CVE-2024-5428

A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function saveproduct of the file /admin/index.php?page=manageproduct of the component HTTP POST Request Handler. The manipulation leads to cross-site reque...

CVSS 6.9 · AI score 4.7 · EPSS 0.00113
Exploits 1 · References 4

BDU FSTEC
added 2024/05/24 12:0 a.m. · 1 views

The vulnerability of the NTPSyncWithHost function in the Request Handler component of TOTOLINK CP450 software allows a perpetrator to execute arbitrary code.

The vulnerability of the NTPSyncWithHost function in the Request Handler component of TOTOLINK CP450 router microprogramming software is related to the lack of measures taken at the control level to clean data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 · AI score 5.9 · EPSS 0.09024
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2024/05/22 10:31 a.m. · 18 views

CVE-2024-5193 Ritlabs TinyWeb Server Request crlf injection

A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS 6.9 · AI score 5.7 · EPSS 0.00299
Exploits 1 · References 7

Cvelist
added 2024/05/20 10:31 p.m. · 18 views

CVE-2024-5145 SourceCodester Vehicle Management System HTTP POST Request newdriver.php unrestricted upload

A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The...

CVSS 6.5 · AI score 6.5 · EPSS 0.002
Exploits 1 · References 4

CVE
added 2024/05/20 10:31 p.m. · 60 views

CVE-2024-5145

The CVE-2024-5145 entry refers to SourceCodester Vehicle Management System (up to v1.0) with a flaw in the HTTP POST Request Handler, where manipulating the file parameter in /newdriver.php enables unrestricted uploads. Multiple sources confirm remote feasibility and public disclosure of exploits...

CVSS 8.8 · AI score 6.9 · EPSS 0.002
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2024/05/15 12:0 a.m. · 2 views

PT-2024-4722 · Unknown · Сервис Обновлений

Name of the Vulnerable Software and Affected Versions: Сервис обновлений affected versions not specified
Description: The issue is related to the WSDL request handler in the "Сервис обновлений" software, which is associated with incorrect restriction of the directory path name. This could allow a...

CVSS 5 · AI score 7
Exploits 0 · References 2

NVD
added 2024/05/07 11:15 a.m. · 16 views

CVE-2024-4583

A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

CVSS 5.3 · AI score 5.2 · EPSS 0.00208
Exploits 0 · References 5

Vulnrichment
added 2024/05/07 11:0 a.m. · 17 views

CVE-2024-4583 Faraday GM8181/GM828x Request information disclosure

A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

CVSS 5.3 · AI score 5.2 · EPSS 0.00208
Exploits 0 · References 5

CVE
added 2024/05/07 11:0 a.m. · 59 views

CVE-2024-4583

CVE-2024-4583 affects Faraday GM8181 and GM828x up to 20240429, with the vulnerability located in an unknown functionality of the Request Handler that leads to information disclosure. The issue is exploitable remotely, and the public exploit has been disclosed. Upgrading the affected component is...

CVSS 5.3 · AI score 6.5 · EPSS 0.00208
Exploits 0 · References 5

Cvelist
added 2024/05/07 11:0 a.m. · 13 views

CVE-2024-4583 Faraday GM8181/GM828x Request information disclosure

A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

CVSS 5.3 · AI score 5.5 · EPSS 0.00208
Exploits 0 · References 5

CNNVD
added 2024/04/05 12:0 a.m. · 1 views

Google Pixel security vulnerability

Google Pixel is a smartphone from Google, Inc USA. A security vulnerability exists in Google Pixel that stems from an improper input validation in the lpmreqhandler module of the lpm.c file, which may result in out-of-bounds writes...

CVSS 8.4 · AI score 6.7 · EPSS 0.00011
Exploits 0 · References 3

Positive Technologies
added 2024/04/05 12:0 a.m. · 2 views

PT-2024-22986 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions.
Description: The issue is related to a possible out of bounds write in the lpm req handler function of lpm.c due to improper input validation. This could lead to loc...

CVSS 8.4 · AI score 6.8 · EPSS 0.00011
Exploits 0 · References 4

NVD
added 2024/04/04 2:15 a.m. · 12 views

CVE-2024-3274

UNSUPPORTED WHEN ASSIGNED: A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation...

CVSS 5.3 · AI score 5.2 · EPSS 0.57871
Exploits 0 · References 5

CVE
added 2024/04/04 1:0 a.m. · 281 views

CVE-2024-3273

Affected products: D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L NAS devices (firmware up to 2024-04-03). Vulnerability: Command injection in the HTTP GET Request Handler, exploiting the "/cgi-bin/nas_sharing.cgi" component via manipulation of system arguments. Impact: Remote code execution al...

CVSS 9.8 · AI score 9.7 · EPSS 0.94425
In wild · Exploits 8 · References 7 · Affected Software 1

VulnCheck KEV
added 2024/04/04 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2024-1021

A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The...

CVSS 9.8 · AI score 6.4 · EPSS 0.92904
Exploits 1 · References 1

ATTACKERKB
added 2024/04/04 12:0 a.m. · 36 views

CVE-2024-3273

UNSUPPORTED WHEN ASSIGNED: A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...

CVSS 9.8 · AI score 7.7 · EPSS 0.94425
In wild · Exploits 8 · References 7

NVD
added 2024/03/26 9:15 p.m. · 8 views

CVE-2024-2910

A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itbox_pi/vpn_quickset_service.php?a=set_vpn of the component HTTP POST Request Handler. The manipulation of the argument...

CVSS 8.8 · AI score 6.9 · EPSS 0.02095
Exploits 0 · References 4

NVD
added 2024/03/26 9:15 p.m. · 5 views

CVE-2024-2909

A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itbox_pi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command...

CVSS 9 · AI score 9.2 · EPSS 0.03457
Exploits 0 · References 4

CVE
added 2024/03/26 9:0 p.m. · 53 views

CVE-2024-2910

CVE-2024-2910 affects Ruijie RG-EG350 (pre-20240318) in the VPN quick set service. The vulnerable component is the HTTP POST handler function vpnAction in the file /itbox_pi/vpn_quickset_service.php?a=set_vpn. By manipulating arguments ip, port, user, pass, dns, or startIp, an attacker can trigge...

CVSS 8.8 · AI score 6.9 · EPSS 0.02095
Exploits 0 · References 4 · Affected Software 1