98 matches found
CVE-2024-33970
CVE-2024-33970 concerns a SQL injection in Janobe’s PayPal/Credit Card/Debit Card Payment software (version 1.0). The vulnerability allows an attacker to craft a query against the server via the studid parameter in /candidate/controller.php to retrieve stored information. Connected sources (Red H...
F-logic DataCube3 Operating System Command Injection Vulnerability
F-logic DataCube3 is a small measurement terminal system from F-logic Japan. An operating system command injection vulnerability exists in F-logic DataCube3 version 1.0, which originates from the parameter ntpserver via the file /admin/configtimesync.php that causes operating system command...
Faraday GM8181 and Faraday GM828x Operating System Command Injection Vulnerability
The Faraday GM8181 and Faraday GM828x are both hardware devices from China-based Smartwon Technology Faraday. An operating system command injection vulnerability exists in the Faraday GM8181 and GM828x version 20240429 and earlier versions, which stems from the fact that incorrect manipulation of...
CVE-2024-30572
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntpserver parameter...
CVE-2023-45227
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter...
CVE-2023-51722
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Time Server 3 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...
CVE-2023-51720
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Time Server 1 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...
ColumbiaSoft Document Locator Security Vulnerability
ColumbiaSoft Document Locator is a document management system from ColumbiaSoft. A security vulnerability exists in ColumbiaSoft Document Locator versions prior to 7.2 SP4, which stems from the parameter Server in the file /api/authentication/login and can lead to incorrect authentication...
CVE-2023-40221
The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section MAIL SERVER where the information is displayed. Injection can be done on...
PT-2023-5662
Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions 10.01.2 and earlier Description: The issue is related to the gdevijs.c component in GhostPDL, which can lead to remote code execution via crafted PostScript documents. This is because the documents can switch to the...
D-Link DIR-825 router firmware vulnerability caused by a lack of input sanitization, allowing attackers to execute arbitrary commands.
The vulnerability in the D-Link DIR-825 router's firmware is related to the lack of measures for sanitizing incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted POST request to ntpsync.cgi through the ntpserver...
CVE-2023-2391
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=timezone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site...
NETGEAR SRX5308 Cross-Site Scripting Vulnerability
The NETGEAR SRX5308 is a VPN firewall appliance from NETGEAR. The NETGEAR SRX5308 suffers from a cross-site scripting vulnerability that originates from incorrect manipulation of the parameter smtpServer.emailServer. The vulnerability can be exploited by an attacker to obtain sensitive informatio...
PT-2023-2603 · NetGear · Netgear Srx5308
Name of the Vulnerable Software and Affected Versions: Netgear SRX5308 versions up to 4.3.5-3 Description: The issue exists due to insufficient input validation in the web management interface of the Netgear SRX5308 router's embedded software. This allows a remote attacker to conduct a cross-site...
SUSE CVE-2007-2865
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter...
SUSE CVE-2009-1175
Cross-site scripting (XSS) vulnerability in apps/web/vsdiag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message...
SUSE CVE-2018-7667
Adminer through 4.3.1 has SSRF via the server parameter...
PT-2023-15583 · Totolink · Totolink A7100Ru
Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 B20191024 Description: A command injection issue was found via the servername parameter in the setting/delStaticDhcpRules function. This allows for potential exploitation. Recommendations: For TOTOlink...
CVE-2022-43392
A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15ACCC.3C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request...
PT-2023-1413 · Zyxel · Zyxel Nr7101
Name of the Vulnerable Software and Affected Versions: Zyxel NR7101 firmware prior to V1.15ACCC.3C0 Description: The issue is related to a buffer overflow vulnerability in the parameter of the web server, which occurs due to the lack of input size validation. This could allow a remote attacker to...