CVE-2020-19825

Cross Site Scripting XSS vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges...

CVE-2019-19825

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an "topicurl":"setting/getSanvas" POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform...

CVE-2023-27356

NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing...

CVE-2023-27356 NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability

NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing...

CVE-2023-27356

The CVE-2023-27356 issue affects NETGEAR RAX30 routers, specifically in the logCtrl action. The root cause is the lack of proper validation of a user-supplied string before it is used to perform a system call, allowing an attacker with network-adjacent access to execute arbitrary code with root p...

CVE-2023-27356 NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability

NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing...

VulnCheck KEV: CVE-2019-19825

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an "topicurl":"setting/getSanvas" POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can...

CVE-2020-19825

creationtimestamp| type| source ---|---|--- 2023-02-16 00:37:08+00:00| seen| https://t.me/cibsecurity/58299 2025-03-19 19:18:27+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8132...

CVE-2020-19825

Cross Site Scripting XSS vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges...

CVE-2020-19825

Cross Site Scripting XSS vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges...

CVE-2020-19825

CVE-2020-19825 affects kevinpapst kimai2 1.30.0. The vulnerability is a Cross-Site Scripting (XSS) in /src/Twig/Runtime/MarkdownExtension.php that allows an attacker to gain escalated privileges. The root cause is malformed/insufficient escaping of user input in the MarkdownExtension processor, e...

CVE-2020-19825

Cross Site Scripting XSS vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges...

TOTOLINK Realtek SDK Routers Authentication Bypass (CVE-2019-19825)

An authentication bypass vulnerability exists in TOTOLINK Realtek SDK Routers. Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access to the affected system...

CVE-2019-19825

creationtimestamp| type| source ---|---|--- 2020-01-27 21:37:53+00:00| seen| https://t.me/cveNotify/459 2024-11-24 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-11-24 2024-12-14 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities -...

CVE-2019-19825

Summary of CVE-2019-19825 (Realtek SDK / TOTOLINK routers) Authenticated CAPTCHA bypass vulnerability affecting Realtek SDK-based routers (TOTOLINK and others) via a POST to boafrm/formLogin with payload {"topicurl":"setting/getSanvas"}. The CAPTCHA text can be retrieved without authentication, e...