35 matches found
CVE-2023-25759
The CVE-2023-25759 issue affects the Tripleplay Platform’s TripleData Reporting Engine prior to Caveman 3.4.0, where OS command injection is possible via a crafted request payload. The vulnerability allows authenticated users to execute unprivileged OS commands, with the impact described as limit...
K54150332: ASP.NET x-up-devcap-post-charset header security exposure
Security Advisory Description An attacker may be able to evade ASM detections by including the x-up-devcap-post-charset header when sending requests to an ASP.NET application, to craft a request payload with language encoding that is not supported by BIG-IP ASM/Advanced WAF, and is different to...
GSD-2023-1002048 firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region
firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.93 by...
Spring Data Commons < 1.13.11 / 2.x < 2.0.6 RCE
The version of Spring Data Commons installed on the remote host is affected by a remote code execution vulnerability. Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of...
CVE-2022-28290
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request...
Security Bulletin: IBM Resilient users may experience a denial of service of the SOAR Platform due to a insufficient input validation (CVE-2019-4533)
Summary IBM Resilient users may experience a denial of service of the SOAR Platform if a form field contains a extremely large data in a POST, PUT, or PATCH http request. Vulnerability Details CVEID: CVE-2019-4533 DESCRIPTION: IBM Resilient users may experience a denial of service of the SOAR...
CVE-2020-14414
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload any system commands that contains shell metacharacters via a POST request with a pw parameter. This can also be...
QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: ...
CVE-2018-19242
Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload with authentication...
Buffer overflow
Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload without authentication...
Buffer overflow
Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload without authentication...
Spring Data Commons remote code injection vulnerability
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...
Apache Struts REST Plugin Denial of Service Vulnerability
Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of Java Web applications for the creation of enterprise-class open source MVC framework . Apache Struts 2 is the next generation of Apache Struts products , is bas...
CVE-2016-7462
The Suite REST API in VMware vRealize Operations aka vROps 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization...
CVE-2004-0220
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Tes...