SUSE CVE-2018-12327
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which nt...
SUSE CVE-2020-15692
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system...
PT-2023-12632 · Sourcecodester · Sourcecodester Royale Event Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Royale Event Management System version 1.0 Description: A problematic issue has been found in the system, affecting an unknown function of the file /royal event/companyprofile.php. The manipulation of the companyname, regno,...
Inline SVG cross-site scripting vulnerability
Inline SVG is a library from the personal developer James Martin. SVG documents are styled for use on the Web using CSS by adding classes to the document and embedding them in HTML. A cross-site scripting vulnerability exists in Inline SVG that stems from unknown functionality in the file...
Printer command injection vulnerability
Printer is a tool open-sourced by Exciting for exploring IoT printing possibilities. Printer suffers from a command injection vulnerability that stems from incorrect manipulation of the parameter URL leading to command injection...
CVE-2022-31469
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /!!&app=%2e./ URI...
CVE-2022-46532
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceMac parameter at /goform/addWifiMacFilter...
WordPress plugin Chained Quiz cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2022-27457 · Eyoucms · Eyoucms
Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.6.0 Description: A cross-site scripting XSS issue exists in the Url parameter of the "/login.php" API endpoint, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For EyouCMS...
PT-2022-27030 · Metabase · Metabase
Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 44.5 Description: The issue concerns the url parameter of the "/api/geojson" endpoint, which can be exploited to perform Server Side Request Forgery attacks. It is noted that previously implemented blacklists could ...
Mitel MiCollab code issue vulnerability
Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A security vulnerability exists in Mitel MiCollab version 9.5.0.101 and prior versions, which stems from an insufficiently restricted URL...
CVE-2022-41496
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery SSRF via the url parameter at admincp.php...
CVE-2022-41526
TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function...
BaijiaCMS code issue vulnerability
BaijiaCMS Baijia CMS is a Java Quest soft player from BaijiaCMS Inc. A security vulnerability exists in BaijiaCMS version v4.1.4, which originates from a vulnerability that allows remote attackers to force an application to make a request by injecting an arbitrary URL into the url parameter...
Online Diagnostic Lab Management System cross-site scripting vulnerability
Online Diagnostic Lab Management System is an online diagnostic lab management system. A cross-site scripting vulnerability exists in Online Diagnostic Lab Management System version 1.0, which originates from an XSS via the firstname, address, middlename, lastname, gender, email, contact...
CVE-2022-37810
Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac...
CVE-2022-37075
TOTOLink A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg...
CVE-2022-35535
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifimesh.shtml...
CVE-2022-34580
Advanced School Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the address parameter at ip/school/index.php...