39 matches found
EUVD-2025-32705
A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fastsettingpppoeset. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may ...
CVE-2025-11387
CVE-2025-11387 affects Tenda AC15 routers (AO: 15.03.05.18) via the function in /goform/fast_setting_pppoe_set. The vulnerability is a stack-based buffer overflow caused by manipulated Password input, and is exploitable remotely with a publicly disclosed exploit (PoC). Multiple sources corroborat...
PT-2025-14830 · Tenda · Tenda W18E
Name of the Vulnerable Software and Affected Versions: Tenda W18E version 16.01.0.11 Description: A problematic vulnerability was found in Tenda W18E, affecting the formSetAccountList function of the file /goform/setModules. The manipulation of the Password argument leads to a stack-based buffer...
PT-2024-17789 · Foxcms · Foxcms
Name of the Vulnerable Software and Affected Versions: FoxCMS versions up to 1.2 Description: A critical issue was found in the API Endpoint component, specifically in the file /app/api/controller/Site.php. The manipulation of the password argument leads to improper authorization, allowing for...
PT-2024-38135 · Totolink · Totolink A3600R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found in the loginauth function of the /cgi-bin/cstecgi.cgi file. The manipulation of the password and http host arguments leads to a buffer overflow. This...
CVE-2024-3534
A vulnerability, which was classified as critical, has been found in Campcodes Church Management System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The explo...
CVE-2024-2976
A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched...
PT-2024-23000 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A critical issue was found in the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to a stack-based buffer overflow. This issue can be...
PT-2024-23083 · Tenda · Tenda Fh1202
Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408 Description: A critical issue affects the function formQuickIndex of the file /goform/QuickIndex, where the manipulation of the PPPOEPassword argument leads to a stack-based buffer overflow. This can be...
PT-2024-15793 · Unknown · Efs Easy File Sharing Ftp
Name of the Vulnerable Software and Affected Versions: EFS Easy File Sharing FTP version 3.6 Description: A problematic vulnerability has been found in the Login component of the software. The manipulation of the password argument leads to denial of service. This issue can be exploited remotely...
PT-2023-32126 · Unknown · Code-Projects Farmacia
Name of the Vulnerable Software and Affected Versions: codeprojects Farmacia version 1.0 Description: A critical issue was found in the code, affecting an unknown function of the file index.php. The manipulation of the usario/senha argument leads to sql injection. It is possible to launch the...
PT-2023-22816 · Code Projects · Agro-School Management System
Name of the Vulnerable Software and Affected Versions: code-projects Agro-School Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file index.php. The manipulation of the password argument leads to sql injection, allowing for...
Command injection
A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file cgi/toolbox/toolbox. The manipulation of the argument password leads to command injection. The attack can be launched remotely. The patch is...
PT-2023-12408 · Unknown · Eprintsug Ulcc-Core
Name of the Vulnerable Software and Affected Versions: eprintsug ulcc-core affected versions not specified Description: A critical issue was found in the file cgi/toolbox/toolbox, where the manipulation of the password argument leads to command injection. This issue can be exploited remotely...
CVE-2022-3582
A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched...
ALPINE-CVE-2020-1739
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from...
Buffer overflow
Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.1212327 allows remote attackers to execute arbitrary code via a long string to the password argument...
Default credentials
The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process...
CVE-1999-1533
Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause a denial of service hang via a long password argument to the login.htm file in its HTTP service...