2742 matches found
CVE-2024-48536
Incorrect access control in eSoft Planner 3.24.08271-USA allows attackers to view all transactions performed by the company via supplying a crafted web request...
CVE-2024-52944
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...
Veritas Enterprise Vault security vulnerability
Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communications platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.1 UPD882911, which stems from a vulnerability that allows an authenticated,...
PT-2024-35495 · Veritas · Veritas Enterprise Vault
Name of the Vulnerable Software and Affected Versions: Veritas Enterprise Vault versions prior to 15.1 UPD882911 Description: The issue allows an authenticated remote attacker to inject a parameter into an HTTP request, enabling Cross-Site Scripting while viewing archived content. This could...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows an attacker to upload arbitrary files.
The vulnerability in the web management interface of Cisco Identity Services Engine (ISE) relates to the implementation of security functions on the client side. Exploiting this vulnerability allows a malicious actor to upload arbitrary files using a specially crafted HTTP request...
The vulnerability in the /xml/info.xml file of the HTTP GET Request Handler component in the firmware of D-Link routers such as DNS-320, DNS-320LW, DNS-325, and DNS-340L allows an attacker to disclose confidential information.
The vulnerability in the /xml/info.xml file of the HTTP GET Request Handler component in the firmware of D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L routers is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to disclose...
The vulnerability in the Cisco Unified Threat Defense Snort Intrusion Prevention System Engine of the Cisco IOS XE operating system is related to operations outside the bounds of a memory buffer. This allows attackers to bypass existing security restrictions and trigger a service failure.
The vulnerability in the Cisco Unified Threat Defense Snort Intrusion Prevention System Engine of the Cisco IOS XE operating system lies in the execution of operations outside the bounds of a memory buffer. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and...
SAP NetWeaver Application Server and SAP ABAP Platform code issue vulnerability
SAP NetWeaver Application Server and SAP ABAP Platform are both products of SAP, Germany. SAP NetWeaver Application Server is an application server. SAP ABAP Platform is an ABAP-based SAP solution. A code issue vulnerability exists in SAP NetWeaver Application...
AZL-53036 CVE-2024-52530 affecting package libsoup for versions less than 3.0.4-2
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header...
DEBIAN-CVE-2024-52530
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header...
CVE-2020-11926
CVE-2020-11926 affects Luvion Grand Elite 3 Connect (through 2020-02-25). The issue allows a client to authenticate with a username/password, with credentials retrievable via an unauthenticated web request (e.g., a JavaScript file). The disclosure also includes the device’s Wi‑Fi SSID and WPA2 ke...
PT-2024-10775 · Luvion · Luvion Grand Elite 3 Connect
Name of the Vulnerable Software and Affected Versions: Luvion Grand Elite 3 Connect through 2020-02-25 Description: An issue was discovered that allows clients to authenticate themselves to the device using a username and password. These credentials can be obtained through an unauthenticated web...
Combodo iTop code issue vulnerability
Combodo iTop is a suite of open source web applications developed by French company Combodo based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A code issue vulnerability exists in Combodo iT...
Bitrix24 security vulnerability
Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM (Customer Relationship Management). A security vulnerability exists in Bitrix24 version 23.300.100, which stems from a remote administrator...
YeaLink Meeting Server security vulnerability
Yealink YeaLink Meeting Server is a distributed cloud video conferencing infrastructure from Yealink of China. A security vulnerability exists in Yealink Meeting Server versions prior to V26.0.0.67, which originates from a risk of sensitive data leakage in the server response by sending an...
Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Overview: Web Image Monitor, provided by Ricoh Company, Ltd., is a web server that is included in and runs on laser printers and MFPs (multifunction printers). Web Image Monitor contains a stack-based buffer overflow vulnerability (CWE-121) due to an inappropriate parsing process for HTTP requests. Zhihong Tian, Hui L...
The vulnerability in the web management interface of the firmware of Cisco Small Business RV042, RV042G, RV320, and RV325 routers allows an attacker to execute arbitrary code or cause service interruptions.
The vulnerability in the web management interface of the firmware of Cisco Small Business RV042, RV042G, RV320, and RV325 routers stems from operations outside the bounds of a memory buffer, resulting from insufficient validation of input data during HTTP packet processing...
CVE-2024-33623
A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...
LevelOne WBR-6012 information disclosure vulnerability
The LevelOne WBR-6012 is a wireless router from LevelOne. An information disclosure vulnerability exists in the LevelOne WBR-6012, which originates from a hidden page accessed via an HTTP request that can disclose sensitive information without authentication...