46 matches found
Tenda Ax3 命令注入漏洞
Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda China. A command injection vulnerability exists in Tenda AX3 v16.03.12.10CN, which can be exploited by an attacker to cause a denial of service DoS via the gateway, dns1, and dns2 parameters...
Command injection
The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in...
CVE-2017-8336
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way...
Directory traversal
Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. dot dot in the gateway parameter...
CVE-2007-0349
Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. dot dot in the gateway parameter...
CVE-2006-4527
includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magicquotesgpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks...