DrayTek Vigor 3910 Security Vulnerability
The DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek. A security vulnerability exists in the DrayTek Vigor 3910 version 4.3.2.6 and prior versions, which is caused by a stack-based overflow when processing query string parameters...
CVE-2024-7440 Vivotek CC8160 upload_file.cgi getenv command injection
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file uploadfile.cgi. The manipulation of the argument QUERYSTRING leads to command injection. It is possible to initiate the attack remotel...
Vivotek IB8367A Command Injection Vulnerability
Vivotek IB8367A is a network camera from China VIVOTEK Communications Vivotek. The Vivotek IB8367A VVTK-0100b suffers from a command injection vulnerability that stems from the parameter QUERYSTRING in the file uploadfile.cgi that can lead to command injection...
Vivotek SD9364 Command Injection Vulnerability
Vivotek SD9364 is a high-speed camera from China VIVOTEK Communications Vivotek. A command injection vulnerability exists in the Vivotek SD9364 version VVTK-0103f, which stems from the parameter QUERYSTRING in the file uploadfile.cgi that can lead to command injection...
Vivotek CC8160 Security Vulnerability
The Vivotek CC8160 is a 2MP highly striped network camera from China VIVOTEK Communications Vivotek. A security vulnerability exists in the Vivotek CC8160 VVTK-0100d version, which stems from the parameter QUERYSTRING in the file uploadfile.cgi that can lead to command injection...
PYSEC-2024-86
Wagtail is an open source content management system built on Django. A bug in Wagtail's parsequerystring would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parsequerystring would take an unexpectedl...
GHSA-JMP3-39VP-FWG8 Wagtail regular expression denial-of-service via search query parsing
Impact A bug in Wagtail's parsequerystring would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parsequerystring would take an unexpectedly large amount of time to process, resulting in a denial of...
PT-2024-28441 · Wagtail · Wagtail
Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 5.2.6 Wagtail versions prior to 6.0.6 Wagtail versions prior to 6.1.3 Description: A bug in Wagtail's parse query string function would result in it taking a long time to process suitably crafted inputs, leading to a...
Torchbox Wagtail Security Breach
Torchbox Wagtail is an open source content management system CMS from Torchbox UK. A security vulnerability exists in Torchbox Wagtail versions 5.2.6, 6.0 through 6.0.5, and 6.1 through 6.1.2, which stems from an error in parsequerystring that causes it to take a long time to process appropriatel...
CVE-2024-36829
Incorrect access control in Teldat M1 v11.00.05.50.01 allows attackers to obtain sensitive information via a crafted query string...
Teldat M1 Security Vulnerability
Teldat M1 is a compact modular router from Teldat Poland. A security vulnerability exists in Teldat M1 version v11.00.05.50.01. An attacker exploited the vulnerability to obtain sensitive information via a specially crafted query string...
CVE-2024-36829
CVE-2024-36829 affects Teldat M1, version v11.00.05.50.01. The vulnerability is an incorrect access control issue that allows an attacker to obtain sensitive information through a crafted query string. The available sources confirm the affected product/version and the nature of the access control...
MAL-2024-2912 Malicious code in query-string-cjs (npm)
--- -= Per source details. Do not edit below this line.=-...
GHSA-JQ87-2WXP-8349 ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc`
In Zend Framework 2, Zend\Mvc\Router\Http\Query is used primarily to allow appending query strings to URLs when assembled. However, due to the fact that it captures any query parameters into the RouteMatch, and the fact that RouteMatch parameters are merged with any parent routes, this can lead t...
PT-2024-40041 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: SilverStripe framework affected versions not specified Description: A high-level XSS issue has been found in the SilverStripe framework. It affects how links with hash anchors are rewritten. The rewriteHashlinks option in SSViewer rewrites...
Open Redirect
drupal/drupal is vulnerable to Open Redirect. The vulnerability is due to the insecure handling of the "destination" query string parameter in Drupal core and contributed modules. This allows malicious users to craft URLs that redirect unsuspecting users to third-party websites...