14 matches found
CVE-2019-25431
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...
CVE-2019-25431
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...
CVE-2019-25431 delpino73 Blue-Smiley-Organizer 1.32 SQL Injection via datetime
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...
CVE-2019-25431 delpino73 Blue-Smiley-Organizer 1.32 SQL Injection via datetime
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...
CVE-2019-25431
CVE-2019-25431 affects delpino73’s Blue-Smiley-Organizer 1.32. The issue is an SQL injection in the datetime parameter that allows unauthenticated attackers to manipulate queries. Attacks can inject SQL through POST requests to extract sensitive data using boolean-based blind or time-based blind ...
Blue-Smiley-Organizer SQL注入漏洞
Blue-Smiley-Organizer is a calendar management tool personally developed by Oliver Antosch. Version 1.32 of Blue-Smiley-Organizer contains an SQL injection vulnerability. This vulnerability stems from the datetime parameter, which allows for SQL injections, potentially enabling unverified attacke...
PT-2026-21309
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...
The vulnerability of the /goform/form2systime.cgi microprogramming software for D-Link DIR-816 A2 routers allows a hacker to execute arbitrary commands.
The vulnerability of the /goform/form2systime.cgi microprogramming system for D-Link DIR-816 A2 exists due to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...
Command Execution Vulnerability in D-Link DIR-816 A1
D-Link DIR-816 A1 is a wireless router from AUO Electronic Equipment Shanghai Co. A command execution vulnerability exists in the D-Link DIR-816 A1, which can be exploited to execute arbitrary commands by sending a POST request with the 'datetime' parameter to form2systime.cgi...
delpino73 Blue-Smiley-Organizer 1.32 SQL Injection
Exploit Title: delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: https://github.com/delpino73/Blue-Smiley-Organizer Software Link: https://github.com/delpino73/Blue-Smiley-Organizer.git Version: 1.32 Tested on: CentOS7 CVE : N/...
D-Link DIR-816 Command Injection Vulnerability (CNVD-2019-02398)
D-Link DIR-816 is a home router product from AUO. A command injection vulnerability exists in the D-Link DIR-816 A2 version 1.10 B05, which stems from the program's use of the 'datetime' parameter value to construct the 'date -s "%s"' command, which can be exploited by an attacker to this...
CVE-2018-17066
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter...
PT-2018-3881 · D Link · D-Link Dir-816 A2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10 B05 Description: An issue exists in the handler function of the "/goform/form2systime.cgi" route, where an HTTP request parameter is used in command string construction. This could lead to command injection via...
Command Execution Vulnerability in the datetime Parameter of the Mixcall Seat Management System
Mixcall seat management system is based on B/S architecture, the management personnel can directly log into the Mixcall seat management center through the computer, and view the detailed situation related to the seat personnel's voice services. A command execution vulnerability exists in the...