14 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-0432

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.00607 EPSS
Exploits: 0 | References: 6
RedhatCVE
added 2025/05/23 4:9 a.m. | 11 views

CVE-2023-38865

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr...

9.8 CVSS | 7.7 AI score | 0.0109 EPSS
Exploits: 1
Vulnrichment
added 2025/04/03 12:0 a.m. | 5 views

CVE-2025-29462

A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack...

7.4 AI score | 0.00673 EPSS
Exploits: 1 | References: 1
NVD
added 2025/02/14 6:15 a.m. | 11 views

CVE-2024-13692

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...

5.4 CVSS | 0.0017 EPSS
Exploits: 0 | References: 6
RedHat Linux
added 2023/11/02 9:47 a.m. | 3 views

squid: denial of Service in FTP

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input...

8.6 CVSS | 5.9 AI score | 0.07162 EPSS
Exploits: 0 | References: 5
Zero Day Initiative
added 2023/07/26 12:0 a.m. | 18 views

Oracle VirtualBox VRDP Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle VirtualBox. Authentication may or may not be required to exploit this vulnerability, depending upon product configuration. The specific flaw exists within the handling of USB request messages...

8.1 CVSS | 7.3 AI score | 0.00845 EPSS
Exploits: 0 | References: 1
Prion
added 2022/12/14 8:15 a.m. | 13 views

Information disclosure

TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers coul...

3.3 CVSS | 5.3 AI score | 0.00406 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Kitploit
added 2021/02/23 8:30 p.m. | 46 views

HaE - BurpSuite Highlighter And Extractor

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. Read Chinese simplified version READMEzh. Public Rules Website: https://gh0st.cn/HaE/ Introduction HaE is used to highlight HTTP requests and extract information from HTTP response...

7 AI score
Exploits: 0 | References: 2
OSV
added 2020/01/03 3:15 p.m. | 2 views

CVE-2019-5304

Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset...

7.5 CVSS | 7.4 AI score | 0.0024 EPSS
Exploits: 0 | References: 1
Cisco
added 2017/10/18 4:0 p.m. | 36 views

Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability

A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS)...

7.5 CVSS | 7.6 AI score | 0.01409 EPSS
Exploits: 0 | References: 1
Check Point Advisories
added 2015/10/28 12:0 a.m. | 0 views

ManageEngine Applications Manager CommonAPIUtil moveSubGroup haid tohaid SQL Injection

An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the haid and tohaid parameters when processing requests using the moveSubGroup method of the CommonAPIUtil class. By sending crafted request messages, a remote...

2.3 AI score
Exploits: 0
Zero Day Initiative
added 2014/01/10 12:0 a.m. | 18 views

Hewlett-Packard Data Protector Backup Client Service rrda Remote Code Execution Vulnerability

This vulnerability allows remote attackers directory traversal on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service OmniInet.exe. The Backup Client Service listens on TCP por...

10 CVSS | 5.7 AI score | 0.27671 EPSS
Exploits: 1 | References: 1
Japan Vulnerability Notes
added 2013/10/03 10:26 a.m. | 1 views

Arbitrary Commands Execution Vulnerability in JP1/Base

Overview The JP1/Base contains a vulnerability where arbitrary commands may be executed when it receives request messages from unexpected hosts in the network. Impact Malicious users can exploit this vulnerability to execute arbitrary commands by sending request messages from an unexpected host...

8.3 CVSS | 7.5 AI score
Exploits: 0 | References: 2
NVD
added 2007/01/23 2:28 a.m. | 8 views

CVE-2007-0432

BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities...

7.5 CVSS | 6.8 AI score | 0.00607 EPSS
Exploits: 0 | References: 5