D-Link DIR-645 操作系统命令注入漏洞

The D-Link DIR-645 is a wireless router from China-based D-Link. An operating system command injection vulnerability exists in the D-Link DIR-645 v1.03, which originates from a command injection vulnerability in the QUERYSTRING parameter in the ajaxexplorer.sgi page...

querymen 安全漏洞

querymen is an individual developer's query string parser middleware for MongoDB, Express, and Nodejs. A security vulnerability exists in querymen that stems from the middleware's susceptibility to prototype contamination...

PT-2022-3370 · D Link · D-Link Dir-645

Name of the Vulnerable Software and Affected Versions: D-Link DIR-645 version 1.03 Description: The issue is related to a command injection vulnerability in the ajax explorer.sgi file of the D-Link DIR-645 router's firmware. This vulnerability arises from the failure to neutralize special element...

GHSA-VCQ7-X4WR-W2MJ Joomla! vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to the comcontact component, as demonstrated by the Itemid parameter to index.php; 2 the query string to the comcontent component, as...

Secomea GateManager Information Disclosure Vulnerability

Secomea GateManager is a remote access server product from the Danish company Secomea. security vulnerability exists in all versions of Secomea GateManager prior to 9.7. The vulnerability stems from the exposure of query string information in GET requests of the LMM API, which could be exploited ...

CVE-2022-27411

TOTOLINK N600R v5.3c.5507B20171031 was discovered to contain a command injection vulnerability via the QUERYSTRING parameter in the "Main" function...

CVE-2022-27411

TOTOLINK N600R v5.3c.5507B20171031 was discovered to contain a command injection vulnerability via the QUERYSTRING parameter in the "Main" function...

PT-2022-18408 · Totolink · Totolink N600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK N600R version 5.3c.5507 B20171031 Description: A command injection issue was discovered via the QUERY STRING parameter in the Main function. This allows for potential exploitation. Recommendations: For TOTOLINK N600R version 5.3c.550...

TOTOLINK N600R 安全漏洞

TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK Electronics. TOTOLINK N600R has a command injection vulnerability, which originates from the "Main" function containing command injection, and can be exploited to execute arbitrary commands via the QUERYSTRING parameter...

Apache Struts Cross-site scripting Vulnerability

Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

CVE-2022-0953

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERYSTRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...

Cross site scripting

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERYSTRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...

WordPress plugin Anti-Malware Security and Brute-Force Firewall 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. WordPress plugin Anti-Malware Security and Brute-Force Firewall is vulnerable to cross-site scripting. The...

VulnCheck KEV: CVE-2022-25084

TOTOLink T6 V5.9c.4085B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

VulnCheck KEV: CVE-2022-25078

TOTOLink A3600R V4.1.2cu.5182B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

VulnCheck KEV: CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

VulnCheck KEV: CVE-2022-25081

TOTOLink T10 V5.9c.5061B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

VulnCheck KEV: CVE-2022-25082

TOTOLink A950RG V5.9c.4050B20190424 and V4.1.2cu.5204B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

VulnCheck KEV: CVE-2022-25083

TOTOLink A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

VulnCheck KEV: CVE-2022-25080

TOTOLink A830R V5.9c.4729B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...