566 matches found
CVE-2022-34580
Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php...
CVE-2022-34580
CVE-2022-34580 affects Advanced School Management System v1.0. The issue is a cross-site scripting (XSS) vulnerability exploitable via the address parameter at ip/school/index.php. Documented CVSS: 4.8 (MEDIUM) with network attack vector, high privileges required and user interaction. APT/Exploit...
Advanced School Management System Cross-Site Scripting Vulnerability
Advanced School Management System is a school management system by the individual developer Angel Jude Reyes Suarez. A security vulnerability exists in Advanced School Management System v1.0, which originates from a cross-site scripting (XSS) vulnerability found in the address parameter of...
PT-2022-16952 · Wavlink · Wavlink Wn535G3 +1
Name of the Vulnerable Software and Affected Versions: WAVLINK WN535K2, WAVLINK WN535K3. Description: A critical issue affects the unknown processing of the file /cgi-bin/touchlist sync.cgi. The manipulation of the argument IP leads to OS command injection. The exploit has been disclosed to the...
CVE-2022-31208
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmdstring URL parameter...
The vulnerability of the microprogrammed software for Infiray IRAY-A8Z3 thermal imagers arises from incorrect code generation control, allowing an intruder to execute arbitrary code.
The vulnerability of the Infiray IRAY-A8Z3 thermal imager’s microprogramming software is related to incorrect handling of the code generation process. Exploiting this vulnerability could allow an intruder to execute arbitrary code using the cmdstring URL parameter...
PT-2022-11471 · Zeroshell · Zeroshell
Name of the Vulnerable Software and Affected Versions: ZeroShell version 3.9.5 Description: The issue is a command injection vulnerability in the "/cgi-bin/kerbynet" API endpoint, specifically in the IP parameter. This may allow an authenticated attacker to execute system commands. Recommendation...
CVE-2022-30425
Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request...
CVE-2022-29349
kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via multiple parameters such as setName, webappType, httpPort, dsName, description, phase, and url in different JSP pages. An attacker can inject arbitrary web script or HTML by sending crafted input to these...
CVE-2022-29394
TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN0041b448...
CVE-2022-28970
Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS)...
VulnCheck KEV: CVE-2020-17456
SEOWON INTECH SLC-130 and SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the systemlog.cgi page...
The vulnerability of the web interface configuration of TP-Link’s AC1750 Archer C20i router software allows a hacker to execute arbitrary code.
The vulnerability of the web interface configuration of TP-Link AC1750 Archer C20i software lies in the lack of measures taken to neutralize special elements used in the operating system’s processing of the XTPExternalIPv6Address parameter. Exploiting this vulnerability allows a malicious actor t...
Xunyi Technology 74cms Security Vulnerability
Xunyi Technology 74cms is a PHP and MySQL based online recruitment system from China Xunyi Technology Company. A security vulnerability exists in 74cmsSE v3.4.1, which was discovered via the $url parameter in indexcontrollerDownload.php. 74cmsSE v3.4.1 contains an arbitrary file read vulnerabilit...
CVE-2022-25433
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function...
CVE-2022-25452
Tenda AC6 v15.03.05.09multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function...
CVE-2022-23397
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no...