184 matches found
CVE-2023-22618
If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects for example WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B...
PT-2023-18589 · Nokia · Wavelite
Name of the Vulnerable Software and Affected Versions: Nokia WaveLite products affected versions not specified Description: The issue allows a local user to create new users with administrative privileges by manipulating a web request if Security Hardening guide rules are not followed. This affec...
CVE-2023-22618
If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects for example WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B...
CVE-2023-22618
Nokia WaveLite vulnerability CVE-2023-22618 allows a local user to create new admin users by manipulating a web request when security hardening guidelines are not followed. Affected products/versions (prior to R2.1.1) include WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite M...
CVE-2023-22618
If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects for example WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B...
CVE-2023-3792
CVE-2023-3792 affects Beijing Netcon NS-ASG 6.3. The vulnerability is in an unknown part of the file /admin/test_status.php, where manipulation leads to a direct request. The exploit has been disclosed publicly, but the provided documents do not specify the exact vector, affected versions beyond ...
Cross site scripting
A vulnerability has been found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /items/search. The manipulation of the argument searchterm leads to cross site scripting. The attack can be launched remotely. The...
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
SUSE CVE-2020-10743
It was discovered that OpenShift Container Platform's OCP distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacki...
CVE-2022-3918
A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server,...
CVE-2023-0040
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
CVE-2022-35646 IBM Security Verify Governance, Identity Manager security bypass
IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096...
CVE-2022-3189
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a...
Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection
The plugin passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain To simulate a gadget chain, put the following code in a plugin class Evil...
CVE-2022-3726
Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...
Ruby: Header CRLF Injection in Ruby Net::HTTP
Vulnerability description not provided...
CVE-2022-38258
The CVE-2022-38258 vulnerability affects D-Link DIR-819 (firmware v1.06) through a local file inclusion (LFI) in the web interface via the getpage parameter. The underlying issue allows an attacker to trigger a Denial of Service or access sensitive server information by crafting a crafted request...
CVE-2022-38258
A local file inclusion LFI vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service DoS or access sensitive server information via manipulation of the getpage parameter in a crafted web request...
The vulnerability of the CAS server of General Bytes Crypto Application Server, related to the manipulation of inter-site requests, allows a hacker to create a user with admin privileges and modify any data on the server at will.
The vulnerability of the CAS server of General Bytes Crypto Application Server is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to create a user with admin privileges and modify any data on the server at will...
CVE-2022-33147
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the aVideoEncoder...