
294 matches found

CNNVD
added 2023/06/01 12:0 a.m. | 4 views

PrestaShop Path Traversal Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop tshirtecommerce 2.1.4 and earlier versions, which originates fro...

CVSS 7.5 | AI score 7.4 | EPSS 0.03551
Exploits 1 | References 2

NVD
added 2023/05/11 8:15 a.m. | 9 views

CVE-2023-2646

A vulnerability has been found in TP-Link Archer C7v2 v2enus180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local...

CVSS 6.5 | AI score 5.2 | EPSS 0.00322
Exploits 0 | References 2

Vulnrichment
added 2023/05/11 7:31 a.m. | 4 views

CVE-2023-2646 TP-Link Archer C7v2 GET Request Parameter denial of service

A vulnerability has been found in TP-Link Archer C7v2 v2enus180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local...

CVSS 5 | AI score 6.8 | EPSS 0.00322
Exploits 0 | References 2

Cvelist
added 2023/05/11 7:31 a.m. | 13 views

CVE-2023-2646 TP-Link Archer C7v2 GET Request Parameter denial of service

A vulnerability has been found in TP-Link Archer C7v2 v2enus180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local...

CVSS 5 | AI score 6.7 | EPSS 0.00322
Exploits 0 | References 2

SUSE CVE
added 2023/02/15 6:8 a.m. | 3 views

SUSE CVE-2008-2370

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. d...

CVSS 5 | AI score 5.1 | EPSS 0.52716
Exploits 1 | References 10

SUSE CVE
added 2023/02/15 4:12 a.m. | 3 views

SUSE CVE-2019-11236

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...

CVSS 6.1 | AI score 9.7 | EPSS 0.02056
Exploits 1 | References 31

NVD
added 2022/12/26 2:15 a.m. | 11 views

CVE-2022-37311

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet...

CVSS 5.3 | EPSS 0.00916
Exploits 2 | References 2

Vulnrichment
added 2022/12/26 12:0 a.m. | 3 views

CVE-2022-37311

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet...

AI score 6.8 | EPSS 0.00916
Exploits 2 | References 2

ATTACKERKB
added 2022/12/15 9:15 p.m. | 3 views

CVE-2022-4521

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...

CVSS 6.1 | AI score 3.6 | EPSS 0.00568
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2022/12/15 12:0 a.m. | 13 views

CVE-2022-4521 WSO2 carbon-registry Request Parameter cross site scripting

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profilemenu leads to cross site scripting. It is possible to initia...

CVSS 3.5 | AI score 6.2 | EPSS 0.00568
Exploits 0 | References 4

BDU FSTEC
added 2022/09/26 12:0 a.m. | 6 views

The vulnerability of the Apex One antivirus software is related to deficiencies in its authentication process. This allows unauthorized users to gain access to protected information and circumvent security restrictions.

The vulnerability of the Apex One antivirus software is related to deficiencies in the authentication process when processing request parameters. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information and circumvent security...

CVSS 8.5 | AI score 7.3 | EPSS 0.02084
Exploits 0 | References 7

OSV
added 2022/08/25 4:15 p.m. | 3 views

CVE-2022-37238

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter...

CVSS 5.4 | AI score 5.8 | EPSS 0.00448
Exploits 1 | References 2

CNNVD
added 2022/07/20 12:0 a.m. | 1 views

H3C Magic R200 Buffer Error Vulnerability

H3C Magic R200 is a wireless router device. H3C Magic R200 AJAX/ajaxget processing ajaxmsg parameter has a buffer overflow vulnerability, which can be exploited by remote attackers to submit special requests that can crash the service or execute arbitrary code in application context...

CVSS 9.8 | AI score 6.7 | EPSS 0.00973
Exploits 1 | References 2

OSV
added 2022/06/20 11:15 a.m. | 2 views

CVE-2022-1905

The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVSS 9.8 | AI score 5.8 | EPSS 0.36048
Exploits 2 | References 1

BDU FSTEC
added 2022/06/03 12:0 a.m. | 2 views

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in the insufficient cleaning of user data in the GET request parameter, allowing attackers to perform cross-site scripting attacks.

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in insufficient cleaning of user data in the GET request parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks using a specially created link...

CVSS 7.5 | AI score 6.7 | EPSS 0.00787
Exploits 0 | References 5 | Affected Software 2

CNNVD
added 2022/06/02 12:0 a.m. | 4 views

Online Fire Reporting System SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system by Carlo Montero, an individual developer. Version v1.0 of Online Fire Reporting System is vulnerable to SQL injection, which originates from /ofrs/classes/Master.php?f= deleterequest lacking validation for externally supplied input in SQL statements,...

CVSS 9.8 | AI score 6 | EPSS 0.0716
Exploits 1 | References 2

Github Security Blog
added 2022/05/17 4:53 a.m. | 21 views

Code injection via property expansion in SoapUI

The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file...

CVSS 9.3 | AI score 8 | EPSS 0.07673
Exploits 7 | References 7 | Affected Software 1

OSV
added 2022/05/13 1:9 a.m. | 3 views

GHSA-R64Q-W8JR-G9QP Improper Neutralization of CRLF Sequences in urllib3 library for Python

In the urllib3 library through 1.24.2 for Python, CRLF injection is possible if the attacker controls the request parameter...

CVSS 6.1 | AI score 6.8 | EPSS 0.02056
Exploits 1 | References 19

Github Security Blog
added 2022/05/01 11:49 p.m. | 25 views

Apache Tomcat Path Traversal Vulnerability

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. d...

CVSS 5 | AI score 6.9 | EPSS 0.52716
Exploits 1 | References 61 | Affected Software 1

Huntr
added 2022/04/13 12:36 p.m. | 30 views

SQL injection in GridHelperService.php

Description: In line 786, we can see $conditionFilters = $filterField . ' ' . $operator . ' ' . $value;. The three variables are joined into a string, and the variables come from the request parameter. Maybe line 793 is vulnerable too. The code comes from the prepareAssetListingForGrid function. The function ...

CVSS 5 | AI score 0.7 | EPSS 0.64605
Exploits 1