PT-2023-19995 · Loonflow · Loonflow

Name of the Vulnerable Software and Affected Versions: loonflow version r2.0.14 Description: A Server-Side Request Forgery SSRF issue allows attackers to force the application to make arbitrary requests via manipulation of the hook url parameter. This enables attackers to potentially access...

CVE-2018-14713

Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter...

CVE-2018-14712

Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter...

CVE-2018-14710

Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter...

Buffer overflow

Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter...

Format string

Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter...

Wonder CMS PHP Remote File Inclusion

Wonder CMS is an open source content management system CMS. A PHP remote file inclusion vulnerability exists in the editInplace.php file in Wonder CMS version 2014. A remote attacker can execute arbitrary PHP code with the help of the hook parameter in the URL...

CVE-2014-8705

The CVE-2014-8705 issue concerns Wonder CMS 2014, where editInplace.php is vulnerable to a PHP Remote File Inclusion. An attacker can trigger arbitrary PHP code execution by supplying a crafted URL in the hook parameter. Connected sources (CNVD-2017-03526) confirm the vulnerability exists in Wond...