36 matches found

CNNVD
added 2022/02/24 12:0 a.m. · 2 views

TotoLink T10 OS Command Injection Vulnerability

TOTOLink T10 is a wireless network system router from TotoLink, China. TOTOLink T10 V5.9c.5061B20200511 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 6 · EPSS 0.05664
Exploits 1 · References 2
CNNVD
added 2022/02/24 12:0 a.m. · 1 views

TotoLink A3600R OS Command Injection Vulnerability

TOTOLink A3600R is a wireless router from TotoLink, China. TOTOLink A3600R V4.1.2cu.5182B20201102 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 6 · EPSS 0.05664
Exploits 1 · References 2
Positive Technologies
added 2022/02/22 12:0 a.m. · 10 views

PT-2022-3858 · Totolink · Totolink T10

Name of the Vulnerable Software and Affected Versions: TOTOLink T10 version V5.9c.5061 B20200511 Description: The issue is related to the lack of input data sanitization in the "Main" function of the TOTOLink T10 mesh system. This allows a remote attacker to execute arbitrary commands through the...

CVSS 10 · AI score 9.6 · EPSS 0.05664
Exploits 1 · References 4
Positive Technologies
added 2022/02/22 12:0 a.m. · 2 views

PT-2022-3934 · Totolink · Totolink A950Rg

Name of the Vulnerable Software and Affected Versions: TOTOLink A950RG versions V4.1.2cu.5204 B20210112 through V5.9c.4050 B20190424 Description: The issue is related to the "Main" function of the TOTOLink A950RG router's firmware, which lacks input data sanitization. This allows a remote attacke...

CVSS 10 · AI score 9.6 · EPSS 0.89573
Exploits 1 · References 6
Positive Technologies
added 2022/02/22 12:0 a.m. · 3 views

PT-2022-2961

Name of the Vulnerable Software and Affected Versions: TOTOLink A3000RU version V5.9c.2280 B20180512 Description: The issue is related to a command injection vulnerability in the "Main" function, which is caused by insufficient argument checking. This allows attackers to execute arbitrary commands...

CVSS 10 · AI score 8.9 · EPSS 0.42094
Exploits 1 · References 11
Positive Technologies
added 2022/02/22 12:0 a.m. · 3 views

PT-2022-3857 · Totolink · Totolink A800R

Name of the Vulnerable Software and Affected Versions: TOTOLink A800R version 4.1.2cu.5137 B20200730 Description: The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A800R router's firmware. This vulnerability is caused by the lack of input data...

CVSS 10 · AI score 9.8 · EPSS 0.05664
Exploits 1 · References 4
OSV
added 2020/09/01 3:28 p.m. · 25 views

GHSA-7F59-X49P-V8MQ Cross-Site Scripting in swagger-ui

Affected versions of swagger-ui are vulnerable to cross-site scripting in both the consumes and produces parameters of the swagger JSON document for a given API. Additionally, swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter url, allowing an attacker...

AI score 6
Exploits 0 · References 5
OSV
added 2019/06/17 9:15 p.m. · 2 views

CVE-2017-9392

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "requestimage" as one of the service actions for ...

CVSS 8.8 · AI score 6.1
Exploits 0 · References 3
OSV
added 2018/01/16 8:29 p.m. · 1 views

CVE-2018-5715

phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable)...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 2
ATTACKERKB
added 2017/11/10 2:29 a.m. · 1 views

CVE-2017-16562

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the upautolog parameter in the QUERYSTRING to the default URI...

CVSS 9.8 · AI score 5.5 · EPSS 0.48165
Exploits 3 · References 4
Hacker One
added 2016/12/09 1:44 p.m. · 14 views

Informatica: [kb.informatica.com] DOM based XSS in the bindBreadCrumb function

The bindBreadCrumb function, which is called after the document is loaded: javascript $document.readyfunction bindBreadCrumb; ; has the following insecure link assignments, that use non-encoded URL values: javascript strChild = "Search Results"; strChild = "Search Results"; strChild = "Search...

Exploits 0
CNVD
added 2015/01/06 12:0 a.m. · 1 views

D-link IP camera DCS-2103 with firmware cross-site scripting vulnerability

D-link IP camera DCS-2103 is a camera for IP surveillance solution. A cross-site scripting vulnerability exists in D-link IP camera DCS-2103 with firmware versions prior to 1.20, which allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING parameter in vb.htm...

CVSS 4.3 · AI score 5.9 · EPSS 0.00929
Exploits 1 · References 1
Packet Storm
added 2011/03/25 12:0 a.m. · 44 views

Parallels Plesk 8.2 URL Redirection

Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability 1. OVERVIEW The Plesk versions from 7.0 to 8.2 are vulnerable to Open URL Redirection when "Enable [email protected]" access format, a new feature introduced in Plesk 7.0, is enabled in user preferences. 2. BACKGROUND Parallels Plesk...

Exploits 0
UbuntuCve
added 2009/05/06 4:30 p.m. · 14 views

CVE-2009-1553

Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, ...

CVSS 4.3 · AI score 5.9 · EPSS 0.0183
Exploits 1 · References 1
OSV
added 2008/12/03 6:30 p.m. · 1 views

DEBIAN-CVE-2008-5080

awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the querystring parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714...

CVSS 4.3 · AI score 6.1 · EPSS 0.00396
Exploits 1 · References 1
Positive Technologies
added 2008/12/03 12:0 a.m. · 2 views

PT-2008-6232 · Awstats · Awstats

Name of the Vulnerable Software and Affected Versions: AWStats versions 6.8 and earlier Description: The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via the query string parameter, due to the incomplete removal of quote characters by awstats.pl. This problem exists...

CVSS 4.3 · AI score 5.6 · EPSS 0.00396
Exploits 1 · References 9