Exploit for CVE-2025-29278
CVE-2025-29278 Proof of Concept PoC: In the Diagnostics tab,...
Mitel MiCollab Security Vulnerability
Mitel MiCollab is a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees from Mitel Canada. A security vulnerability exists in Mitel MiCollab version 9.8 SP1 FP2 9.8.1.201 and prior versions, which stems from insufficient encoding of...
DEBIAN-CVE-2024-22262
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to a SSRF attack if the URL is...
PT-2024-18340 · Unknown · Codeastro House Rental Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro House Rental Management System version 1.0 Description: A problematic issue was found in the User Registration Page component, allowing for cross-site scripting through the manipulation of the address argument with malicious input,...
PT-2024-15444 · Unknown · Kashipara Food Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Food Management System version 1.0 Description: A vulnerability was found in the processing of the file party submit.php, where the manipulation of the party address argument leads to cross-site scripting. The attack may be initiate...
PT-2023-29263 · Unknown · Online Blood Donation Management System
Name of the Vulnerable Software and Affected Versions: Online Blood Donation Management System version 1.0 Description: The issue concerns multiple Stored Cross-Site Scripting vulnerabilities. The address parameter of the "users/register.php" endpoint is vulnerable, as its input is copied into the...
CVE-2023-5789
A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Affected is an unknown function of the component Ping Diagnostics. The manipulation of the argument Host Address with the input leads to cross site scripting. It is possible to launch the attack remotel...
PT-2023-32327 · Unknown · Dragon Path 707Gr1
Name of the Vulnerable Software and Affected Versions: Dragon Path 707GR1 up to 20231022 Description: A vulnerability has been found in the Ping Diagnostics component of Dragon Path 707GR1. The issue arises from the manipulation of the Host Address argument with a specific input, , leading to...
USN-5968-1 python-git vulnerability
It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host...
Event Management System Cross-Site Scripting Vulnerability
Event Management System is an event management system. A cross-site scripting (XSS) vulnerability exists in SourceCodester Royale Event Management System version 1.0, which originates from an unknown function in the file /royalevent/companyprofile.php, where manipulation of the parameters...
The vulnerability of the Google Chrome web app installer allows a hacker to manipulate the URL input by using a specially created HTML page.
The vulnerability of the Google Chrome WebApp installer is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to manipulate the URL input using a specially created HTML page...
The vulnerability of the PING function implementation in the firmware of the TP-Link TL-WR840N EU v5 router allows an attacker to execute arbitrary code.
The vulnerability of the PING function implementation in the firmware of the TP-Link TL-WR840N EU v5 router is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by submitting a payload into the IP address input field...
CVE-2021-41653
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a crafted payload in an IP address input field...
Remote code execution
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a crafted payload in an IP address input field...
WordPress Plugin RSVPMaker Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
Lack of address input validation will lock tokens in contract
Handle: 0xRajeev. Vulnerability details. Impact: Functions timeLockERC721 and timeLockERC20 are used by the vault owner to timelock tokens in the vault with a specified recipient address as the only one with the right to withdraw after timelock expiry. If a zero/incorrect recipient address is used he...
php: Information disclosure in function get_headers
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers with a user-supplied URL, if the URL contains a zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...
CVE-2020-17384
Cellopoint CelloOS v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary commands to manipulate the system...