CVE-2024-30624
Tenda FH1205 v2.0.0.7775 has a stack overflow vulnerability in the urls parameter from saveParentControlInfo function...
CVE-2024-5375
A vulnerability has been found in Kashipara College Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file submitstudent.php. The manipulation of the argument address leads to cross site scripting. The attack can be launched...
CVE-2024-9952
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=systeminfo/contactinfo of the component Contact Information Page. The manipulation of the argument Address leads to cross site...
CVE-2024-51186
D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the pingaddr parameter in the pingv4 and pingv6 functions...
CVE-2024-56998
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address...
CVE-2023-1046
A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown part of the file /admin.php/update/getFile.html. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed ...
CVE-2023-24729
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the address parameter in the user profile update function...
CVE-2022-34580
Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php...
CVE-2018-19137
DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter...
CVE-2014-2850
The network interface configuration page netinterface in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter...
PLANET FW-WGS-804HPT security vulnerability
Planet FW-WGS-804HPT is a wall-mounted managed switch from PLANET (China). The Planet FW-WGS-804HPT suffers from a buffer overflow vulnerability that originates from the hostip parameter in the websnmpnotifyv3addpost function failing to correctly validate the length of the input data, which can be...
74cms security vulnerability
74cms is an online recruitment system based on PHP and MySQL by 74cms. A security vulnerability exists in 74cms 3.33.0 and earlier versions, which stems from improper manipulation of the parameter url in the file /index.php/index/download/index, which could lead to path traversal attacks...
CVE-2025-44863
TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the msgprocess function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
TOTOLINK CA300-PoE security vulnerability
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics (TOTOLINK). TOTOLINK CA300-PoE suffers from a command injection vulnerability that stems from the Url parameter of the msgprocess function failing to correctly filter special characters, commands, etc. used to construct commands, which...
TOTOLINK CA600-PoE security vulnerability
TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's Gion Electronics (TOTOLINK). TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the Url parameter of the msgprocess function failing to properly filter special characters, commands, etc. used to construct commands. No...
Improper Authentication
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Authentication. An attacker can circumvent required actions configured by an administrator such as...
IBM InfoSphere Information Server security vulnerability
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A plaintext transfer vulnerability exists in IBM InfoSphere Information Server version 11.7, whi...
CVE-2024-46546
NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a stack overflow via the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request...
A vulnerability in the recvSlaveUpgstatus() function of the TOTOLINK T8 router's firmware allows a hacker to execute arbitrary commands.
The vulnerability in the recvSlaveUpgstatus function of the firmware for TOTOLINK T8 routers is related to the lack of measures taken to clean data at the management level when processing the ip parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrar...
AIAS code issue vulnerability
AIAS is an AI one-stop solution from Calvin Personal Developers. AIAS version 20250308 suffers from a code issue vulnerability that stems from the fact that incorrect manipulation of the parameter url can lead to server-side request forgery...