3632 matches found
CVE-2025-1800 D-Link DAR-7000 HTTP POST Request sxh_vpnlic.php get_ip_addr_details command injection
A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function get_ip_addr_details of the file /view/vpn/sxh_vpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. Th...
CVE-2025-1800
The CVE-2025-1800 entry concerns D-Link DAR-7000 (version 3.2) with a command-injection in the HTTP POST handler: get_ip_addr_details in /view/vpn/sxh_vpn/sxh_vpnlic.php. The ethname parameter is not properly filtered, enabling remote exploitation. Multiple sources (NVD, Red Hat, CNVD, CVE listin...
CVE-2024-51139
Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5....
CVE-2024-51139
The CVE-2024-51139 entry describes a Buffer Overflow in DrayTek/Vigor devices where the CGI parser mishandles the Content-Length header of HTTP POST requests, enabling potential remote arbitrary-code execution. Affected devices and versions include Vigor2620/LTE200 up to 3.9.8.9 and earlier, Vigo...
D-Link DIR-823X Null Pointer Dereference Vulnerability
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a null pointer dereference vulnerability that originates in the parameter macList in the setwifiblacklists function of the file /goform/setwifiblacklists in the component HTTP POST request handler,...
CVE-2025-1360
A vulnerability, which was classified as problematic, was found in Internet Web Solutions Sublime CRM up to 20250207. Affected is an unknown function of the file /crm/inicio.php of the component HTTP POST Request Handler. The manipulation of the argument msg_to leads to cross site scripting. It is...
CVE-2025-1360 Internet Web Solutions Sublime CRM HTTP POST Request inicio.php cross site scripting
A vulnerability, which was classified as problematic, was found in Internet Web Solutions Sublime CRM up to 20250207. Affected is an unknown function of the file /crm/inicio.php of the component HTTP POST Request Handler. The manipulation of the argument msg_to leads to cross site scripting. It is...
CVE-2025-1360
Summary: CVE-2025-1360 affects Internet Web Solutions Sublime CRM up to version 20250207. The vulnerability exists in the HTTP POST Request Handler, specifically an unknown function in the file /crm/inicio.php, where manipulation of the msg_to parameter leads to cross-site scripting. It can be ex...
PT-2025-6893 · Internet Web Solutions · Sublime CRM
Name of the Vulnerable Software and Affected Versions: Internet Web Solutions Sublime CRM up to 20250207 Description: A problematic vulnerability was found in the HTTP POST Request Handler component of Internet Web Solutions Sublime CRM, affecting an unknown function of the file /crm/inicio.php...
SUSE CVE-2024-8925
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to...
CVE-2024-56908
Perfex CRM versions before 3.2.1 are affected by CVE-2024-56908. An authenticated attacker can issue a crafted HTTP POST to the upload_sales_file endpoint and supply malicious input in the rel_id parameter, taking advantage of improper input validation to bypass restrictions and upload arbitrary ...
CVE-2024-56908
In Perfex CRM 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. By providing malicious input in the rel_id parameter, combined with improper input validation, the attacker can bypass restrictions and upload arbitrary files to directorie...
The vulnerability in the form2Wan.cgi script of the D-Link DIR-816A router’s software allows a hacker to execute arbitrary code.
The vulnerability of the form2Wan.cgi script in the D-Link DIR-816A2 router software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTTP POST request...
CVE-2024-46430
Tenda W18E V16.01.0.81625 is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassi...