Lucene search

14 matches found

Vulnrichment
added 2025/11/26 12:46 a.m. | 2 views

CVE-2025-66259 Authenticated Root Remote Code Execution through improper filtering of HTTP post request parameters

Authenticated Root Remote Code Execution via improper user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in mainok.php user supplied data/hour/time is passed directl...

9.3 CVSS | 7.1 AI score | 0.00469 EPSS
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2021-30429

Malicious code in bioql PyPI...

7.5 CVSS | 6.7 AI score | 0.00833 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/22 9:35 p.m. | 5 views

CVE-2021-43498

An Access Control vulnerability exists in ATutor 2.2.4 in passwordreminder.php when the g, id, h, formpasswordhidden, and formchange HTTP POST parameters are set...

7.5 CVSS | 6.8 AI score | 0.00833 EPSS
Exploits: 1

0day.today
added 2024/10/15 12:0 a.m. | 214 views

ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution Vulnerability

ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the country, state, locality, organization, and hostname HTTP POST parameters called by the sslCertAjax.php script. ABB...

8.4 AI score
Exploits: 0

Zero Science Lab
added 2024/10/14 12:0 a.m. | 326 views

ABB Cylon Aspect 3.08.00 (sslCertAjax.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

6.1 AI score
Exploits: 0

0day.today
added 2022/05/04 12:0 a.m. | 282 views

Tenda HG6 3.3.0 Remote Command Injection Vulnerability

Tenda HG6 version 3.3.0 suffers from a remote command injection vulnerability. It can be exploited to inject and execute arbitrary shell commands through the pingAddr and traceAddr HTTP POST parameters in formPing, formPing6, formTracert and formTracert6 interfaces. Tenda HG6 v3.3.0 Remote Comman...

0.3 AI score
Exploits: 0

CNVD
added 2021/10/11 12:0 a.m. | 11 views

webTareas SQL Injection Vulnerability

webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas 2.4 and earlier versions, where an unauthenticated user can perform time and...

7.5 CVSS | 7.9 AI score | 0.01587 EPSS
Exploits: 1 | References: 1

OSV
added 2021/01/09 1:15 a.m. | 0 views

CVE-2020-5146

A vulnerability in SonicWall SMA100 appliance allows an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier...

7.2 CVSS | 7.1 AI score
Exploits: 0 | References: 1

NVD
added 2019/05/14 9:29 p.m. | 10 views

CVE-2018-14839

LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code remote. The attack vector is: HTTP POST with parameters...

9.8 CVSS | 9.9 AI score | 0.89296 EPSS
Exploits: 1 | References: 2

exploitpack
added 2018/03/02 12:0 a.m. | 39 views

TestLink Open Source Test Management 1.9.16 - Remote Code Execution

TestLink Open Source Test Management 1.9.16 - Remote Code Execution Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in m...

6 CVSS | 7.9 AI score | 0.10683 EPSS
Exploits: 9

NVD
added 2017/05/03 9:59 p.m. | 15 views

CVE-2017-6629

A vulnerability in the ImageID parameter of Cisco Unity Connection 10.52 could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that...

5.3 CVSS | 5.4 AI score | 0.01141 EPSS
Exploits: 0 | References: 3

Cisco
added 2017/05/03 4:0 p.m. | 26 views

Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability

A vulnerability in the ImageID parameter of Cisco Unity Connection could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe...

5.3 CVSS | 5.3 AI score | 0.01141 EPSS
Exploits: 0 | References: 1

Talos
added 2017/04/10 12:0 a.m. | 21 views

Moxa AWK-3131A Web Application Cleartext Transmission of Password Vulnerability

Summary An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of...

7.5 CVSS | 7.5 AI score | 0.00178 EPSS
Exploits: 2

myhack58
added 2014/02/26 12:0 a.m. | 12 views

doorGets CMS SQL injection vulnerability - vulnerability warning - the black bar safety net

Vulnerability version: doorGets CMS 5.2 Vulnerability description: CVE ID: CVE-2014-1459 doorGets CMS is a content management system. Because the "positiondownid" HTTP POST parameter passed to the "/dg-admin/index.php" script is not adequately filtered, the attacker can access the management...

0.8 AI score
Exploits: 0