294 matches found
CVE-2024-31507
Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" parameter in admin/fetchgendercs.php...
PT-2024-24127 · Unknown · Sourcecodester Online Graduate Tracer System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Graduate Tracer System version 1.0 Description: The issue concerns SQL Injection via the request parameter in the "admin/fetchgendercs.php" API endpoint. This allows for potential manipulation of database queries...
Uncontrolled Resource Consumption
Liferay Portal is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to reliance on a request parameter to limit file size, enabling remote authenticated users to upload excessively large files to the system's temp folder by altering the 'maxFileSize' parameter...
Improper Check For Unusual Or Exceptional Conditions
Mattermost is vulnerable to Denial Of Service. The vulnerability is due to missing validation of the type of the "reminder" body request parameter. This allows an attacker to crash the Playbook Plugin when updating the status dialog...
Liferay Portal vulnerable to Denial of Service
The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, whic...
jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemoryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...
CVE-2024-0509
The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
PT-2024-15625 · WordPress · Wp 404 Auto Redirect To Similar Post
Name of the Vulnerable Software and Affected Versions: WP 404 Auto Redirect to Similar Post plugin for WordPress versions up to, and including, 1.0.3 Description: The issue is related to Reflected Cross-Site Scripting via the request parameter due to insufficient input sanitization and output...
Cross site scripting
Reflected XSS vulnerability can be exploited by tampering with a request parameter in the Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests...
CVE-2023-6838
The CVE-2023-6838 entry describes a reflected Cross-Site Scripting vulnerability in the Authentication Endpoint of WSO2 API Manager. An attacker can tamper with a request parameter to execute script in the context of a victim's browser, with impact limited to confidentiality and integrity (per CVSS: L...
CVE-2023-6838
Reflected XSS vulnerability can be exploited by tampering with a request parameter in the Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests...
CVE-2023-25650
There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads...
Arbitrary file deletion
There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads...
Nipah Virus Testing Management System Cross-Site Request Forgery Vulnerability
Nipah Virus Testing Management System is an online virus diagnostic platform. A cross-site request forgery vulnerability exists in version 1.0 of the PHPGurukul Nipah Virus Testing Management System, which stems from the parameter pid in the file manage-phlebotomist.php that can lead to cross-sit...
CVE-2023-43194
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying a request parameter...
CVE-2023-38194
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter...
(0Day) ZTE MF286R goahead Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ZTE MF286R routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the SETDEVICELED endpoint. The...