Lucene search

101 matches found

Positive Technologies
added 2023/11/03 12:00 a.m. · 2 views

PT-2023-9692 · Tenda · Tenda Ax1806

Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1
Description: The issue is related to a heap overflow in the setSchedWifi function. This occurs because the src and v12 variables are directly obtained from HTTP request parameters schedStartTime and schedEndTime...

CVSS 9.4 · AI score 7.5 · EPSS 0.00171
Exploits 1 · References 5

NVD
added 2023/10/10 5:15 p.m. · 14 views

CVE-2023-36549

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters...

CVSS 9.8 · AI score 9.3 · EPSS 0.03331
Exploits 0 · References 1

Cvelist
added 2023/10/10 4:50 p.m. · 12 views

CVE-2023-34986

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters...

CVSS 8.8 · AI score 9.1 · EPSS 0.017
Exploits 0 · References 1

Microsoft KB
added 2023/10/10 7:00 a.m. · 95 views

October 10, 2023—KB5031354 (OS Build 22621.2428)

October 10, 2023—KB5031354 OS Build 22621.2428 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note Follow @WindowsUpdate to find ou...

CVSS 9.8 · AI score 8.3 · EPSS 0.9439
Exploits 20

Positive Technologies
added 2023/10/10 12:00 a.m. · 3 views

PT-2023-6019 · Fortinet · Fortiwlm

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWLM versions 8.5.0 through 8.5.4; Fortinet FortiWLM versions 8.6.0 through 8.6.5
Description: The issue is related to an improper neutralization of special elements used in an OS command, also known as 'OS command injection'. Thi...

CVSS 9.8 · AI score 9.5 · EPSS 0.01619
Exploits 0 · References 5

Vulnrichment
added 2023/08/07 12:00 a.m. · 13 views

CVE-2023-39550

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the httppasswd and httpusername parameters in the checkauth function...

AI score 7.6 · EPSS 0.00491
Exploits 1 · References 2

Vulnrichment
added 2023/08/07 12:00 a.m. · 12 views

CVE-2023-38922

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the httppasswd and httpusername parameters in the updateauth function...

AI score 7.6 · EPSS 0.00491
Exploits 0 · References 2

Cvelist
added 2023/07/25 8:54 p.m. · 27 views

CVE-2023-38499 typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution

TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters id and L allowed out-of-scope access to rendered content in the website...

CVSS 3.7 · AI score 5.6 · EPSS 0.02247
Exploits 0 · References 3

Github Security Blog
added 2023/07/25 6:25 p.m. · 17 views

Information Disclosure due to Out-of-scope Site Resolution

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C 3.5
Problem: In multi-site scenarios, enumerating the HTTP query parameters id and L allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site b...

CVSS 5.3 · AI score 6.7 · EPSS 0.02247
Exploits 0 · References 5 · Affected Software 1

Prion
added 2023/04/18 9:15 p.m. · 15 views

Cross site scripting

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...

CVSS 5.8 · AI score 6.3 · EPSS 0.00527
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/04/18 8:37 p.m. · 13 views

CVE-2023-25551

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...

CVSS 6.1 · AI score 6.5 · EPSS 0.00527
Exploits 0 · References 1

SUSE CVE
added 2023/02/15 4:12 a.m. · 2 views

SUSE CVE-2019-11455

A buffer over-read in UtilurlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage)...

CVSS 8.1 · AI score 7.8 · EPSS 0.02035
Exploits 1 · References 3

Veracode
added 2022/05/26 6:54 p.m. · 17 views

Denial Of Service (DoS)

elog:stretch is vulnerable to denial of service. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.5 · AI score 7 · EPSS 0.01843
Exploits 0 · References 3 · Affected Software 1

Prion
added 2022/02/07 2:15 p.m. · 13 views

Integer overflow

IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters...

CVSS 5 · AI score 7.6 · EPSS 0.00334
Exploits 2 · References 2 · Affected Software 1

CNNVD
added 2021/12/08 12:00 a.m. · 1 view

Fortinet FortiWeb OS Command Injection Vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. management interface is vulnerable to comman...

CVSS 8.8 · AI score 5.9 · EPSS 0.0049
Exploits 0 · References 2

WPVulnDB
added 2021/08/19 12:00 a.m. · 18 views

WP Cerber Security < 8.9.3 - 2FA Authentication Bypass

The plugin improperly checked certain HTTP parameters leading to an administrative multi-factor authentication bypass...

CVSS 9.8 · AI score 2.7 · EPSS 0.008
Exploits 1 · References 1 · Affected Software 1

GithubExploit
added 2021/06/13 11:57 p.m. · 59 views

Exploit for OS Command Injection in Zeroshell

POC CVE-2019-12725-Remote-Command-Execution ZeroShell 3.9.0 R...

CVSS 10 · AI score 9.9 · EPSS 0.94138
Exploits 11

OSV
added 2021/06/07 2:15 p.m. · 3 views

CVE-2021-20698

Sharp NEC Displays UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to i...

CVSS 9.8 · AI score 6.1 · EPSS 0.00443
Exploits 0 · References 1

CNNVD
added 2021/04/29 12:00 a.m. · 3 views

MERCUSYS Mercury X18G Security Vulnerability

The Mercusys Mercury X18G is a router from the Chinese company Mercusys. A security vulnerability exists in MERCUSYS Mercury X18G 1.0.5 that allows denial of service via a crafted value to POST to listen for http LAN parameters...

CVSS 7.8 · AI score 7.4 · EPSS 0.0051
Exploits 0 · References 4

CNVD
added 2021/04/16 12:00 a.m. · 4 views

SAP Manufacturing Execution Cross-Site Scripting Vulnerability

SAP Manufacturing Execution (SAP ME) is a powerful, scalable, enterprise-class manufacturing business solution that enables global manufacturers to manage and monitor manufacturing and shop floor operations. It provides a multi-faceted set of capabilities that integrate business systems with shop...

CVSS 6.4 · AI score 6.4 · EPSS 0.00222
Exploits 0 · References 1