MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting
paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in the install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser. Exploitation requires the victim to visit a maliciously crafted URL. id: CVE-2017-6478 info: name: MaNGOSWebV4...
TOTOLINK A8000RU Command Injection Vulnerability
TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the function setDmzCfg in the CGI Handler component’s file /cgi-bin/cstecgi.cgi, which processes...
Tenda i12 Security Vulnerability
The Tenda i12 is a ceiling-mounted wireless access point produced by the Chinese company Tenda. Version 1.0.0.113862 of the Tenda i12 contains a security vulnerability. This vulnerability stems from incorrect handling of parameters index and wlradio, which may lead to a stack buffer overflow atta...
Django: Django: SQL Injection via RasterField band index parameter
A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on RasterField only implemented on PostGIS. This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of...
CVE-2026-3976
A weakness has been identified in Tenda W3 1.0.0.32204. Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch t...
CVE-2026-3971
A vulnerability has been found in Tenda i3 1.0.0.62204. Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has bee...
PT-2026-28668
Name of the Vulnerable Software and Affected Versions: Tenda AC5 version 15.03.06.47. Description: A stack-based buffer overflow exists in the POST Request Handler component of Tenda AC5 version 15.03.06.47. The issue is located in the formWifiWpsOOB function within the /goform/WifiWpsOOB file...
CVE-2019-25632
CVE-2019-25632 affects phpFileManager 1.7.8. The vulnerability is a local file inclusion that lets unauthenticated attackers read arbitrary server files by manipulating the action, fm_current_dir, and filename parameters in index.php. Attackers can send crafted GET requests to index.php to access...
CVE-2026-4632 itsourcecode Online Enrollment System Parameter index.php sql injection
A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack may be performed fr...
CVE-2026-32850 MailEnable < 10.55 Reflected XSS via ManageShares.aspx SelectedIndex Parameter
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the SelectedIndex paramete...
EUVD-2019-19895
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
PT-2026-26921
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
Multiple D-Link Products Security Vulnerability
D-Link DNS-320, etc., are products of D-Link Corporation from China. The D-Link DNS-320 is a NAS (Network Attached Storage) device. The D-Link DNS-325 is also a NAS device. The D-Link DNS-120 is a network storage adapter. Several D-Link products have security vulnerabilities; these vulnerabilities...
PT-2026-25591
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this issue is the functio...
EUVD-2019-19831
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in...
Jettweb Hazir Rent A Car Scripti SQL Injection Vulnerability
Jettweb Hazir Rent A Car Scripti is a car rental website system operated by the Turkish company Jettweb. The Jettweb Hazir Rent A Car Scripti V4 version contains an SQL injection vulnerability. This vulnerability stems from the tur, id, and ozellikdil parameters at the admin/index.php endpoint,...
Tenda i3 Security Vulnerability
The Tenda i3 is a wireless access point device produced by the Chinese company Tenda. Version 1.0.0.62204 of the Tenda i3 contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter “index” in the file “goform/wifiSSIDget”, which may lead to a stack buffer...
CVE-2026-3702
A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. The attack is possible to be carried out remotely. The exploit is...
groupoffice Cross-Site Scripting Vulnerability
GroupOffice is an open-source groupware and CRM developed by Intermesh. Versions of GroupOffice prior to 6.8.155, 25.0.88, and 26.0.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the f parameter in the external/index process being decoded without proper escapin...
itsourcecode Event Management System SQL Injection Vulnerability
itsourcecode Event Management System is an open-source event management system developed by itsourcecode. Version 1.0 of the itsourcecode Event Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file /admin/index.php,...