62 matches found
PT-2023-29358 · Unknown · Online Bus Booking System
Name of the Vulnerable Software and Affected Versions: Online Bus Booking System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the destination parameter of the "search.php" resource does not validate the characters received and...
Mars: RXSS on stores on *█████████/visitorRegistration.pml via destination parameter
The vulnerability involved a reflected XSS in the destination parameter of the visitorRegistration.pml endpoint across all stores under ██████████. A working proof of concept was provided demonstrating JavaScript execution via URL parameter injection...
CVE-2023-38862
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt...
PT-2023-26643 · Comfast · Comfast Cf-Xr11
Name of the Vulnerable Software and Affected Versions: COMFAST CF-XR11 version 2.7.2 Description: An issue in COMFAST CF-XR11 allows an attacker to execute arbitrary code via the destination parameter of the sub_431F64 function in bin/webmgnt. Recommendations: For COMFAST CF-XR11 version 2.7.2,...
CVE-2023-2520
A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049202303031001 and classified as critical. This issue affects some unknown processing of the file cgi-bin/toolsping.cgi?action=Command of the component Ping Handler. The manipulation of the argument Destination leads to command injection...
Caton Technology Prime command injection vulnerability
Caton Technology Prime is a powerful and versatile switchable encoder and decoder from Caton Technology, China. A command injection vulnerability exists in Caton Technology Prime version 2.1.2.51.e8d7225049 202303031001, which stems from the fact that incorrect manipulation of the parameter...
Remote code execution
Elsight – Elsight Halo Remote Code Execution (RCE). The Elsight Halo web panel allows us to perform connection validation. Through the POST request to /api/v1/nics/wifi/wlan0/ping we can abuse the DESTINATION parameter and leverage it for remote code execution...
Elsight Halo security vulnerability
Elsight Halo is the drone operations management of Elsight, Inc. Elsight Halo suffers from a security vulnerability that stems from the fact that accessing the /api/v1/nics/wifi/wlan0/ping page via a POST request can be used to remotely execute code using the DESTINATION parameter...
PT-2022-23623 · Elfsight · Elsight Halo
Name of the Vulnerable Software and Affected Versions: Elsight Halo affected versions not specified Description: The Elsight Halo web panel allows connection validation through a POST request to /api/v1/nics/wifi/wlan0/ping, which can be exploited by abusing the DESTINATION parameter to achieve...
Critical RCE Bugs Patched in Drupal 7 and 8
Drupal is urging users to upgrade to the latest release that fixes two critical remote code execution bugs impacting Drupal 7 and Drupal 8. Developers have also identified three additional “moderately critical” vulnerabilities. “A remote attacker could exploit some of these vulnerabilities to tak...
LimeSurvey cross-site scripting vulnerability (CNVD-2018-12261)
LimeSurvey formerly known as PHPSurveyor is a set of open source online survey program developed by the LimeSurvey team, which supports survey program development, questionnaire distribution and data collection. A cross-site scripting vulnerability exists in Boxes in LimeSurvey version...
Proxmox Mail Gateway Open Redirect Vulnerability
Proxmox Mail Gateway is an e-mail gateway product from Proxmox Server Solutions, Austria. The product protects e-mail from virus, phishing and Trojan horse threats. An open redirection vulnerability exists in versions prior to Proxmox Mail Gateway hotfix 4.0-8-097d26a9. A remote attacker can...
CVE-2015-9058
Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter...
Drupal Core double-encoded 'destination' parameter open redirect vulnerability
Drupal is a free and open source content management system developed in PHP. An open redirection vulnerability exists in the Drupal Core double encoding of the 'destination' parameter. The Drupal 6 'drupal_goto' function fails to correctly decode the content of $_REQUEST['destination'] when used,...
Open redirect via double-encoded 'destination' parameter
More info at https://www.drupal.org/SA-CORE-2016-001...
Fedora 22 : drupal7-path_breadcrumbs-3.3-1.fc22 (2015-11858)
7.x-3.3 See SA-CONTRIB-2015-133 - New token %site:current-page:path-menu-trail:pb-join: is an alternative approach to build breadcrumbs based on path hierarchy. - Fixed 2473109: Destination parameter is present but doesn't work during editing breadcrumb - Other improvements and fixes. Note that...
Fedora 21 : drupal7-path_breadcrumbs-3.3-1.fc21 (2015-11836)
7.x-3.3 See SA-CONTRIB-2015-133 - New token %site:current-page:path-menu-trail:pb-join: is an alternative approach to build breadcrumbs based on path hierarchy. - Fixed 2473109: Destination parameter is present but doesn't work during editing breadcrumb - Other improvements and fixes. Note that...