CVE-2025-70225

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component...

CVE-2025-70225

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component...

CVE-2025-70225

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component...

EUVD-2004-2398

Malware in sbrugna...

Lenovo ThinkPad 缓冲区错误漏洞

Lenovo ThinkPad is a portable computer from Lenovo, a Chinese company. The Lenovo ThinkPad suffers from a security vulnerability that stems from its LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause an information disclosure via a buffer out-of-bounds...

Nextcloud: xss on setup config page

Nextcloud version: 18.0.1 In setup config page，setting mysql Username with payloadalert1, and set others. F739076 then submit . F739077 this gif will show poc: F739069 Impact This is because the code does not filter dangerous characters. so dangerous characters need to be escaped...

CVE-2011-5300

CVE-2011-5300 affects poMMo Aardvark PR16.1. a CSRF in admin/setup/config/users.php allows remote attackers to hijack administrator authentication by submitting requests that modify credentials via certain admin_ parameters. Root cause is a CSRF in the credential-modification flow. Impact describ...

UBUNTU-CVE-2012-0782

DISPUTED Multiple cross-site scripting XSS vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 dbhost, 2 dbname, or 3 uname parameter. NOTE: the vendor disputes the...

PT-2012-2868 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via the dbhost, dbname, or uname parameters in the wp-admin/setup-config.php file. The vendor disputes the significance...

PT-2012-1989 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The installation component in WordPress does not ensure that the specified MySQL database service is appropriate, allowing remote attackers to configure an arbitrary database via the dbhost an...

PT-2012-1988 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The installation component in WordPress generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid. This makes it easier fo...

CVE-2010-3056

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 dbsearch.php, 2 dbsql.php, 3 dbstructure.php, 4 js/messages.php, 5 libraries/common.lib.php, 6...

CVE-2004-2407

Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality...

CVE-2004-2407

Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality...