D-Link DIR-816 A2 Buffer Error Vulnerability
The D-Link DIR-816 A2 is a wireless router from China-based AUO D-Link. A security vulnerability exists in D-Link DIR-816 A2 v1.10CNB05: the sipaddress parameter was found to contain a stack overflow via ipportFilter...
Open Redirect
Overview: github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Open Redirect via the redirecturl parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a...
Inventory Management System Cross-Site Scripting Vulnerability (CNVD-2023-72259)
Inventory Management System is an inventory management system. A cross-site scripting vulnerability exists in Inventory Management System v1.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the Name, Address parameter, which can be exploited...
CVE-2023-39712
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section...
Tenda AC9 Buffer Error Vulnerability
The Tenda AC9 is a wireless router from Tenda China. A buffer error vulnerability exists in the Tenda AC9 that stems from a buffer overflow in the mac parameter of /goform/GetParentControlInfo...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section...
Tenda AC8 Buffer Error Vulnerability
Tenda AC8 is a dual-band Gigabit wireless router from Tenda, designed for fiber optic homes up to 1000 megabytes, supporting dual-band concurrent transmission rates up to 1167Mbps, and equipped with full Gigabit ports (1 WAN port + 3 LAN ports) for 100-1000 megabit broadband access. Tenda AC8 suffers...
Dataprobe OS Command Injection Vulnerability
Dataprobe is a series of intelligent power switch and management products from Dataprobe, Inc. in the United States. Dataprobe iBoot PDU 1.43.03312023 and earlier versions suffer from an operating system command injection vulnerability that stems from an attack that is prone to command injection...
CVE-2023-3809
A vulnerability was found in Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file patient.php. The manipulation of the argument address leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...
Hospital Management System SQL Injection Vulnerability
Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. A SQL injection vulnerability exists in Hospital Management System version 1.0, which stems from the presence of an unknown function i...
PT-2023-26308 · Unknown · Hospital Management System
Name of the Vulnerable Software and Affected Versions: Hospital Management System version 1.0. Description: A critical issue affects the processing of the file patientprofile.php, where the manipulation of the address argument leads to SQL injection. The attack can be initiated remotely...
CVE-2023-1893
The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators...
TOTOLINK A3300R setDiagnosisCfg Method Command Injection Vulnerability
TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. A command injection vulnerability exists in the TOTOLINK A3300R. The vulnerability stems from the ip parameter of the setDiagnosisCfg method faili...
GZ Scripts Ticket Booking Script Cross-Site Scripting Vulnerability
GZ Scripts Ticket Booking Script is a ticket booking system from GZ Scripts. A cross-site scripting vulnerability exists in GZ Scripts Ticket Booking Script version 1.8, which stems from cross-site scripting due to incorrect manipulation of the parameters firstname, secondname, phone, address1, a...
PT-2023-4094 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.26. Description: The issue is related to a command injection vulnerability in the function formWriteFacMac, which can be exploited via the mac parameter. This vulnerability may allow a remote attacker to execute...
TOTOLINK A3300R OS Command Injection Vulnerability
TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. A command injection vulnerability exists in the TOTOLINK A3300R. The vulnerability stems from the ip parameter of the setDiagnosisCfg method faili...
[M] Hardcoded address will not remain consistent across other chains
Lines of code · Vulnerability details · Impact: The hardcoded address for the LBR token will not remain consistent across other chains, such as Polygon, Avalanche, Arbitrum and BSC, for example. IEUSD0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2.balanceOfethlbrLpToken Proof of Concept: Hardcoding the addre...