PT-2025-2560 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: An information disclosure issue exists in the testsave.sh functionality. A specially crafted HTTP request can lead to the disclosure of sensitive information. An attacker can send an HTTP...
Pingvin Share code issue vulnerability
Pingvin Share is a self-hosted file sharing platform by Elias Schneider Personal Developer. A code issue vulnerability exists in Pingvin Share versions 0.6.0 through 1.3.0. An attacker can exploit the vulnerability to overwrite arbitrary files on the server via an HTTP POST request...
Ubuntu 14.04 LTS : Salt vulnerability (USN-7181-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7181-1 advisory. It was discovered that Salt incorrectly handled web requests when the SSH client was enabled. An attacker could possibly use this issue to achieve remote code...
WISI Tangram GT31 code issue vulnerability
WISI Tangram GT31 is a module for a high-density digital platform from WISI. A code issue vulnerability exists in WISI Tangram GT31 20241214 and prior versions that stems from a component HTTP request handler that can lead to server-side request forgery...
A vulnerability in Fortinet's centralized device management software for FortiManager and FortiAnalyzer devices allows authentication to be bypassed using a user-controlled key. This allows unauthorized users to gain access to protected information.
A vulnerability in Fortinet's FortiManager centralized device management software and the FortiAnalyzer network firewall allows authentication to be bypassed by using a user-controlled key. Exploiting this vulnerability allows an attacker to gain unauthorized access to...
A vulnerability in the /sbin/httpd file of the D-Link DIR-860L router firmware allows an attacker to cause a denial of service.
The vulnerability in /sbin/httpd in the firmware of D-Link DIR-860L routers is related to errors in pointer assignment due to incorrect checking of HTTP request formats. Exploiting this vulnerability allows a malicious actor to cause a denial of service by sending specially crafted HTTP...
A vulnerability in the Kerio Control network device protection software stems from a failure to neutralize certain special elements, allowing attackers to execute arbitrary code.
The vulnerability in the Kerio Control network device stems from a failure to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges by sending a specially crafted HTTP request...
A vulnerability in the imagename handler of the CGI script /ems/cgi-bin/ezrf-lighttpd.cgi in the graphical interface for managing WLAN access points and LAN switches in Fortinet FortiWLM allows an attacker to execute arbitrary code.
The vulnerability of the imagename handler in the CGI script /ems/cgi-bin/ezrf-lighttpd.cgi of the graphical interface for managing WLAN access points and LAN switches in Fortinet FortiWLM is related to an incorrect limitation on the path name to the restricted directory. Exploiting this...
CVE-2024-36832
A NULL pointer dereference in D-Link DAP-1513 REVAFIRMWARE1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully constructed HTTP request, it wil...
USN-7165-1: Spring Framework vulnerability
It was discovered that the Spring Framework incorrectly handled web requests via data binding. An attacker could possibly use this issue to achieve remote code execution and obtain sensitive information...
CVE-2024-36832
CVE-2024-36832 affects D-Link DAP-1513 with REVA_FIRMWARE_1.01. Affected component: the /bin/webs binary. Root cause: a NULL pointer dereference when handling a crafted HTTP request, causing an immediate crash and device DoS without authentication. Impact: denial of service to the device over the...
OESA-2024-2546 haproxy security update
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...
CVE-2024-42196
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...
HCL Nomad security vulnerability
HCL Nomad is an application from HCL Corporation, USA for using and managing the Domino application development platform in mobile devices. A security vulnerability exists in HCL Nomad that stems from the HTTP host header that can be manipulated...
CVE-2023-26280
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control...
PT-2024-12090 · Ibm · Ibm Jazz Foundation
Name of the Vulnerable Software and Affected Versions: IBM Jazz Foundation versions 7.0.2 through 7.0.3 Description: The issue allows a user to change their dashboard using a specially crafted HTTP request due to improper access control. Recommendations: For versions 7.0.2 and 7.0.3, update to th...
A vulnerability in the Consul service configuration tool stems from improper limitation of a path name to a restricted directory, allowing attackers to circumvent security restrictions.
The vulnerability in the Consul service configuration tool is related to improper limitation of a path name to a restricted directory. Exploiting this vulnerability allows a malicious actor to bypass security restrictions through a specially crafted HTTP request...
PT-2024-17139 · Ipc · Ipc Unigy Management System
Name of the Vulnerable Software and Affected Versions: IPC Unigy Management System version 04.03.00.08.0027 Description: A critical issue was found in the HTTP Request Handler component, which can lead to server-side request forgery. This issue can be exploited remotely. The exploit has been...
CVE-2024-48536
Incorrect access control in eSoft Planner 3.24.08271-USA allows attackers to view all transactions performed by the company via supplying a crafted web request...