212 matches found
PT-2023-27661 · Thecosy · Thecosy Icecms
Name of the Vulnerable Software and Affected Versions: Thecosy IceCMS version 1.0.0 Description: The issue allows a remote attacker to gain privileges. This is achieved via the Id and key parameters in the getCosSetting function. Recommendations: For Thecosy IceCMS version 1.0.0, consider...
IceCMS Security Vulnerability
IceCMS is a content management system built on Spring Boot and Vue with a separated front end and back end, developed by the individual developer NgShow. A security vulnerability exists in IceCMS v.1.0.0 that allows an attacker to gain privileges via the Id and key parameters in getCosSetting...
CVE-2023-39675
SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php...
Sql injection
SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts, product image scaling and other features. A security vulnerability exists in SimpleImportProduct Prestashop Module version v6.2.9,...
ALPINE-CVE-2023-3817
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check, DH_check_ex or EVP_PKEY_param_check to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...
CVE-2023-30151
A SQL injection vulnerability in the Boxtal envoimoinscher module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the key GET parameter...
PT-2023-22560 · Prestashop · Prestashop Boxtal
Name of the Vulnerable Software and Affected Versions: PrestaShop Boxtal envoimoinscher module versions after 3.1.10 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the key GET parameter. This affects the Boxtal module for PrestaShop...
A vulnerability in the AccessCtrlAccessTargetsRpm component (/userRpm/AccessCtrlAccessTargetsRpm.htm) of the software for TP-Link routers TL-WR940N, TL-WR841N, TL-WR941N, and TL-WR743N allows an attacker to cause service interruptions.
The vulnerability in the AccessCtrlAccessTargetsRpm component (/userRpm/AccessCtrlAccessTargetsRpm.htm) of the TP-Link routers TL-WR940N, TL-WR841N, TL-WR941N, and TL-WR743N is an operation outside the bounds of a memory buffer that occurs when processing the Changed key parameter. Exploiting...
CVE-2023-27837
TP-Link TL-WPA8630P US V2 Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub 40A774...
PT-2023-3393 · Tp Link · Tp-Link Tl-Wpa8630P
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WPA8630P US V2 version 171011 Description: The issue is related to a command injection vulnerability in the sub 40A774 function, specifically via the key parameter. This vulnerability can be exploited by a remote attacker to execut...
PT-2023-11363 · Dro.Pm · Dro.Pm
Name of the Vulnerable Software and Affected Versions: dro.pm affected versions not specified Description: A problematic issue was found in dro.pm, affecting an unknown part of the file web/fileman.php. The manipulation of the secret/key argument leads to cross-site scripting. It is possible to...
WordPress plugin Tutor LMS Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-10619 · Unknown · Jfm-So Piwallet
Name of the Vulnerable Software and Affected Versions: jfm-so piWallet affected versions not specified Description: A critical issue affects some unknown functionality of the file api.php. The manipulation of the key argument leads to sql injection. Recommendations: Apply a patch to fix this issu...
Dropbox Merou Injection Vulnerability
Dropbox Merou is an open source Dropbox application that allows users to create and manage their group memberships. Dropbox Merou suffers from an injection vulnerability that stems from a problem with the addpublickey function in the grouper/publickey.py file in the component SSH Public Key...
CVE-2022-46569
D-Link DIR-882 DIR882A1FW130B06, DIR-878 DIR878FW1.30B08 was discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module...
D-Link DIR-882 Buffer Error Vulnerability
The D-Link DIR-882 is a wireless router from China Youxun D-Link. The D-Link DIR-882 is vulnerable to a buffer overflow that stems from a stack overflow via the Key parameter in the SetWLanRadioSecurity module. No detailed vulnerability details are current...