CVE-2023-20161

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...

PT-2023-2690 · Microsoft · Teams

Name of the Vulnerable Software and Affected Versions: Microsoft Teams affected versions not specified Description: The issue is related to insufficient validation of incoming requests in Microsoft Teams, which could allow a remote attacker to gain unauthorized access to information...

Vulnerability of EVlink City’s parking charging station software. EVlink Parking and EVlink Smart Wallbox have a flaw related to insufficient validation of incoming requests, allowing intruders to redirect requests to unintended network targets.

Vulnerability of EVlink City’s parking charging station software. EVlink Parking and EVlink Smart Wallbox have a flaw related to insufficient validation of incoming requests, allowing intruders to redirect requests to unintended network targets...

CVE-2023-1124 Shopping Cart & eCommerce Store < 5.4.3 - Admin+ LFI

The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks...

The vulnerability of the PHP programming language, related to insufficient validation of incoming requests, allows attackers to gain access to confidential data and compromise its integrity.

The vulnerability of the programming language PHP is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential data and compromise its integrity...

The vulnerability of NextCloud Mail’s email client, related to insufficient validation of incoming requests, allows attackers to scan internal services and servers accessible from the local network of the NextCloud server.

The vulnerability of NextCloud Mail’s email client stems from insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to scan internal services and servers accessible from the local network of the NextCloud server...

SUSE CVE-2018-0886

The Credential Security Support Provider protocol CredSSP in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code...

The vulnerability of the web service for Lexmark printer devices allows a perpetrator to execute arbitrary codes.

The vulnerability of the New Lexmark Device printers’ web service is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of the LibreOffice Unoconv document conversion tool, related to insufficient validation of incoming requests, allows a perpetrator to gain access to confidential data.

The vulnerability of the LibreOffice Unoconv document conversion tool is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to gain access to confidential data...

PT-2023-14847 · Panasonic · Panasonic Sanyo Cctv Network Cameras

Name of the Vulnerable Software and Affected Versions: Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x Description: The issue allows an attacker to perform changes with administrator level privileges by exploiting a CSRF vulnerability. Recommendations: For versions 1.02-05, upda...

Denial Of Service (DoS)

typo3 is vulnerable to Denial Of Service DoS. The vulnerability exists due to the lack of http request validation in the PageContentErrorHandler.php which allows an attacker to cause an application crash...

Denial Of Service (DoS)

libp2p is vulnerable to denial of service. The vulnerability is due to improper validation in the number of requests, which results in the host OS killing the process...

CVE-2022-45149

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a...

xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access

A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length...

The vulnerability of the library for working with SVG images in Apache Batik, related to insufficient validation of incoming requests, allows a hacker to execute arbitrary Java code.

The vulnerability of the Apache Batik library for working with SVG images is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary Java code remotely...

ipTIME NAS 跨站请求伪造漏洞

ipTIME NAS is a wireless router product from South Korea's ipTIME Corporation that provides NAS network attached storage. A security vulnerability exists in ipTIME NAS that stems from a lack of validation of POST requests sent to a page. An attacker can exploit this vulnerability to delete user...

The vulnerability of the Build Handler component of the Jenkins Git plugin allows a perpetrator to perform arbitrary actions on a vulnerable device.

The vulnerability of the Build Handler component in the Jenkins Git plugin is related to insufficient validation of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device by manipulating the requests made...

The vulnerability of the mechanism for checking tokens on the Apache Struts software platform allows a perpetrator to carry out a CSRF attack.

The vulnerability of the token verification mechanism in the Apache Struts software framework is related to insufficient validation of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to carry out a CSRF attack remotely...

CVE-2022-2075

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation...

Design/Logic Flaw

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation...