CVE-2024-31507
Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" parameter in admin/fetchgendercs.php...
PT-2024-24127 · Unknown · Sourcecodester Online Graduate Tracer System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Graduate Tracer System version 1.0. Description: The issue concerns SQL Injection via the request parameter in the "admin/fetchgendercs.php" API endpoint. This allows for potential manipulation of database queries...
Uncontrolled Resource Consumption
Liferay Portal is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to reliance on a request parameter to limit file size, enabling remote authenticated users to upload excessively large files to the system's temp folder by altering the 'maxFileSize' parameter...
Improper Check For Unusual Or Exceptional Conditions
Mattermost is vulnerable to Denial of Service. The vulnerability is due to missing validation of the type of the "reminder" request body parameter. This allows an attacker to crash the Playbook Plugin when updating the status dialog...
Liferay Portal vulnerable to Denial of Service
The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, whic...
jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()
A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemoryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable...
CVE-2024-0509
The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
PT-2024-15625 · WordPress · Wp 404 Auto Redirect To Similar Post
Name of the Vulnerable Software and Affected Versions: WP 404 Auto Redirect to Similar Post plugin for WordPress, versions up to and including 1.0.3. Description: The issue is related to Reflected Cross-Site Scripting via the request parameter due to insufficient input sanitization and output...
Cross site scripting
A reflected XSS vulnerability can be exploited by tampering with a request parameter in the Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests...
CVE-2023-6838
The CVE-2023-6838 entry describes a reflected Cross-Site Scripting vulnerability in the Authentication Endpoint of WSO2 API Manager. An attacker can tamper with a request parameter to execute script in the context of a victim’s browser, with impact limited to confidentiality and integrity (per CVSS: L...
CVE-2023-25650
There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads...
Arbitrary file deletion
There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads...
CVE-2023-38194
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter...
(0Day) ZTE MF286R goahead Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ZTE MF286R routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the SETDEVICELED endpoint. The...
PrestaShop Path Traversal Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop tshirtecommerce 2.1.4 and earlier versions, which originates fro...
SUSE CVE-2008-2370
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. d...
GHSA-R64Q-W8JR-G9QP Improper Neutralization of CRLF Sequences in urllib3 library for Python
In the urllib3 library through 1.24.2 for Python, CRLF injection is possible if the attacker controls the request parameter...
Apache Tomcat Path Traversal Vulnerability
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. d...
SQL injection in GridHelperService.php
Description: In line 786, we can see $conditionFilters = $filterField . ' ' . $operator . ' ' . $value;. The three variables are joined into a string, and the variables come from the request parameter. Maybe line 793 is vulnerable too. The code comes from the prepareAssetListingForGrid function. The function ...