20 matches found
CVE-2021-47728
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local...
EUVD-2021-34742
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local...
Selea Targa IP OCR-ANPR Camera operating system command injection vulnerability
Selea Targa IP OCR-ANPR Camera is an IP camera from Selea. The Selea Targa IP OCR-ANPR Camera suffers from an operating system command injection vulnerability that stems from a command injection issue with the addr and port parameters in utils.php, which could lead to the execution of arbitrary...
CVE-2025-57457
An OS Command Injection vulnerability in the Admin panel in Curo UC300 5.42.1.7.1.63R1 allows local attackers to inject arbitrary OS Commands via the "IP Addr" parameter...
EUVD-2014-3863
Malware in sbrugna...
D-Link DI-7400G+ security vulnerability
The D-Link DI-7400G+ is a router from China-based AUO D-Link. A security vulnerability exists in the D-Link DI-7400G+ version 19.12.25A1: a command injection caused by improper handling of the addr parameter in the file /mngplatform.asp...
PT-2023-35334 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.272 Description: The issue concerns the validation of the addr parameter in the mdiobus get phy function. This is an automated identification of a potential security issue, but the actual impact and attack...
CVE-2021-46354
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2 (fixed in version 3.0) is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to leak the real IP of the web server or increas...
Cybele Software Thinfinity VirtualUI information disclosure vulnerability
Cybele Software Thinfinity VirtualUI is a solution from Cybele Software, Inc. that supports embedding remote Windows applications into standard web applications to allow two-way interaction with Javascript programming. Cybele Software Thinfinity VirtualUI suffers from an information disclosure...
CVE-2020-20486
IEC104 v1.0 contains a stack-buffer overflow in the parameter Iec10xStaAddr...
CVE-2019-11368
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter...
CVE-2019-11368
AU Optronics Solar Data Recorder prior to version 1.3.0 is affected by CVE-2019-11368: a stored XSS vulnerability in the web interface reachable via the protect/config.htm addr parameter. The issue permits script execution within the context of an authenticated user (stored in the application's b...
PT-2018-4011 · D Link · D-Link Dsl-3782
Name of the Vulnerable Software and Affected Versions: D-Link DSL-3782 version EU v. 1.01 Description: The issue concerns a buffer overflow in the diagnostics functionality of the affected device. This allows authenticated remote attackers to execute arbitrary code by sending a long Addr value to...
LG Cross-Site Scripting Vulnerability
LG Looking Glass is a set of web applications written in Perl for connecting to a router or console. LG suffers from a cross-site scripting vulnerability. It allows an attacker to inject arbitrary web script or HTML via the "addr" parameter...
CVE-2014-3926
Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter...
CVE-2014-3926
CVE-2014-3926 is an XSS vulnerability in lg.cgi used by Cougar LG 1.9 (LG Looking Glass web apps). The issue arises from accepting the addr parameter without proper sanitization, enabling remote attackers to inject arbitrary web script or HTML. Connected documents (e.g., CNVD-2017-03337) describe...
A second-order injection in TinyShop.
Brief description: see title. TinyShop v1.0.2 Detailed description: again the file protected\controllers\simple.php public function orderact ................. $address = $model-table"address"-where"id=$addressid"-find; //if!$address$this-redirect"order",false,Req::args; //if!$paymentid$this-redirect"order",false,Req::args; $data'orderno' =...
util-linux: audit log injection via login
Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."...