Lucene search

401 matches found

CVE
added 2021/08/16 12:00 a.m. | 1735 views

CVE-2021-33193

CVE-2021-33193 describes a vulnerability in Apache HTTP Server where a crafted HTTP/2 method can bypass validation and be forwarded by mod_proxy, potentially enabling request splitting or cache poisoning. The issue affects Apache httpd versions 2.4.17 through 2.4.48. Connected advisories and noti...

7.5 CVSS | 7.8 AI score | 0.00609 EPSS
Exploits: 1 | References: 13 | Affected Software: 1

CloudLinux
added 2021/08/12 3:42 p.m. | 83 views

Fix of CVE: CVE-2020-8450, CVE-2020-8517, CVE-2020-8449

CVE-2020-8449: fix improper HTTP request validation allowing access to resources which are prohibited by security filters - CVE-2020-8450: fix incorrect buffer management leading to buffer overflow - CVE-2020-8517: fix incorrect input validation allowing writing outside of buffer and leading to...

7.5 CVSS | 3 AI score | 0.46309 EPSS
Exploits: 0 | References: 1

CNVD
added 2021/07/15 12:00 a.m. | 5 views

IBM Sterling Secure Proxy Server-Side Request Forgery Vulnerability

IBM Sterling Secure Proxy is an International Business Machines Corporation (IBM) application proxy for securing file transfers in an organization's unprotected zone (DMZ). IBM Sterling Secure Proxy has a server-side request forgery vulnerability that originates from a server that fails...

6.5 CVSS | 6.3 AI score | 0.00242 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2021/06/09 12:00 a.m. | 1 views

The vulnerability of the Axios application software Aurora Center, which allows a perpetrator to carry out an SSRF attack

The vulnerability of the Axios application software Aurora Center relates to insufficient checking of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

5.9 CVSS | 6.8 AI score | 0.00438 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

BDU FSTEC
added 2021/04/06 12:00 a.m. | 2 views

The vulnerability of the Accellion FTA security system, which stems from insufficiently validated incoming requests, allows a perpetrator to carry out an SSRF attack and gain unauthorized access to protected information.

The vulnerability of the Accellion FTA security system is related to insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack and gain unauthorized access to protected information through specially created POST requests...

9.8 CVSS | 8.2 AI score | 0.01103 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2021/03/24 8:15 p.m. | 3 views

CVE-2021-1385

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the devic...

6.5 CVSS | 7 AI score | 0.0023 EPSS
Exploits: 1 | References: 2

NVD
added 2021/03/10 3:15 p.m. | 9 views

CVE-2021-28122

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...

9.8 CVSS | 0.01097 EPSS
Exploits: 1 | References: 4

OSV
added 2021/03/10 3:15 p.m. | 12 views

CVE-2021-28122

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 4

Prion
added 2021/03/10 3:15 p.m. | 26 views

Cross site request forgery (csrf)

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...

7.5 CVSS | 9.2 AI score | 0.01097 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2021/03/10 2:34 p.m. | 51 views

CVE-2021-28122

Open5GS WebUI prior to 2.2.1 is affected by a request-validation issue that allows an unauthenticated attacker to perform CRUD operations on the subscriber database due to Express not requiring authentication. Affected versions are 2.1.3 through 2.2.x before 2.2.1. The issue enables actions such ...

9.8 CVSS | 9.3 AI score | 0.01097 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2021/03/10 2:34 p.m. | 14 views

CVE-2021-28122

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...

9.5 AI score | 0.01097 EPSS
Exploits: 1 | References: 4

BDU FSTEC
added 2021/02/25 12:00 a.m. | 1 views

The vulnerability of the vSphere Client plugin for managing VMware vCenter Server allows an attacker to send requests on behalf of the targeted server.

The vulnerability of the vSphere Client plugin for managing VMware vCenter Server lies in insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to send requests on behalf of the targeted server by sending specially crafted HTTP requests...

5.3 CVSS | 7.2 AI score | 0.90385 EPSS
Exploits: 8 | References: 5 | Affected Software: 1

Yubico
added 2021/02/12 12:00 a.m. | 28 views

Security Advisory YSA-2021-02 | Yubico

The yubihsm-connector utility provides an HTTP interface for interacting with a YubiHSM 2. This interface is used by many other components in the YubiHSM 2 SDK ecosystem, including the yubihsm-shell, the PKCS11 library yubihsmpkcs11, and the YubiHSM Key Storage Provider (KSP) for Windows®...

7.5 CVSS | 7.4 AI score | 0.0056 EPSS
Exploits: 0

CNNVD
added 2021/02/08 12:00 a.m. | 2 views

Connor Hicks 1Password SCIM Bridge Authorization Issues Vulnerability

Connor Hicks 1Password SCIM Bridge is a password management system from the Connor Hicks organization in the United States. Provides a cross-domain identity management system SCIM protocol to connect 1Password to your existing identity provider e.g. Azure Active Directory, Okta, OneLogin or...

6.5 CVSS | 6.6 AI score | 0.00219 EPSS
Exploits: 0 | References: 3

Prion
added 2021/02/04 5:15 p.m. | 17 views

Design/Logic Flaw

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP...

10 CVSS | 9.6 AI score | 0.01866 EPSS
Exploits: 0 | References: 1 | Affected Software: 5

Tenable Nessus
added 2021/01/29 12:00 a.m. | 29 views

Cisco SD-WAN vManage Software Arbitrary File Creation (cisco-sa-vmanage-file-Y2JSRNRb)

According to its self-reported version, Cisco SD-WAN vManage is affected by an arbitrary file creation vulnerability due to improper validation of requests to APIs. An authenticated, remote attacker can exploit this, by sending malicious requests to an API in the affected system, to conduct...

6.5 CVSS | 6.8 AI score | 0.02357 EPSS
Exploits: 0 | References: 3

CNNVD
added 2021/01/08 12:00 a.m. | 2 views

Open-Xchange OX App Suite Code Issue Vulnerability

Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to more intuitively manage email, tasks, files, etc. mail compose is one of the mail editing components. OX App Suite suffers from a cross-site request forgery...

5.5 CVSS | 6 AI score | 0.00279 EPSS
Exploits: 3 | References: 6

CNNVD
added 2020/12/23 12:00 a.m. | 2 views

Steedos Steedos-platform SQL Injection Vulnerability

Steedos Steedos-platform is a Javascript-based website builder for creating websites in a declarative way organized by Steedos China. A SQL injection vulnerability exists in Steedos Platform version 1.21.24 and prior versions, which stems from allowing NoSQL injection because...

8.8 CVSS | 7.3 AI score | 0.00421 EPSS
Exploits: 1 | References: 2

OSV
added 2020/12/09 12:15 a.m. | 2 views

CVE-2020-27614

AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation...

7.8 CVSS | 7.1 AI score
Exploits: 0 | References: 2

OSV
added 2020/11/11 9:15 a.m. | 3 views

CVE-2020-7328

External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO...

7.2 CVSS | 7.5 AI score | 0.01461 EPSS
Exploits: 0 | References: 1