EUVD-2026-31651

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

CVE-2026-2857

A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation ...

D-Link DWR-M920 安全漏洞

The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a buffer overflow vulnerability that originates from malicious manipulation of the submit-url parameter of the sub41C7FC function in the /boafrm/formPinManageSetup file. An attacker can...

EUVD-2025-25586

Malicious code in bioql PyPI...

CVE-2025-9782

CVE-2025-9782 affects TOTOLINK A702R firmware version 4.0.0-B20211108.1423. The issue is in the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton, where manipulating the submit-url argument can cause a buffer overflow. This vulnerability can be exploited remotely, and public PoC/expl...

The vulnerability of the built-in boa server (/boafrm/formSaveConfig) of the TOTOLINK EX1200T router’s microprogramming software allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the built-in boa server /boafrm/formSaveConfig of the TOTOLINK EX1200T router’s microprogramming software is related to the issue of the operation going beyond the buffer in memory when processing the submit-url parameter. Exploiting this vulnerability allows a malicious acto...

The vulnerability of the /boafrm/formWsc file in the HTTP POST Request Handler of the microprogramming software for TOTOLINK routers, models A702R, A3002R, and A3002RU, allows a perpetrator to execute arbitrary code.

The vulnerability of the /boafrm/formWsc file in the HTTP POST Request Handler of the microprogramming software for TOTOLINK A702R, A3002R, and A3002RU routers is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker who...

CVE-2025-4831

A vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formSiteSurveyProfile of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer...

TOTOLINK A720R、TOTOLINK A3002R和TOTOLINK A3002RU 安全漏洞

TOTOLINK A3002RU and others are products of China Gion Electronics TOTOLINK.TOTOLINK A3002RU is a wireless router product.TOTOLINK A720R is a wireless router.TOTOLINK A3002R is a wireless router.TOTOLINK A3002R is a wireless router. A security vulnerability exists in the TOTOLINK A720R, TOTOLINK...

PT-2023-17033 · Sourcecodester · Sourcecodester Simple/Nice Shopping Cart Script

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description: A critical issue affects the processing of the file uploaderm.php, where the manipulation of the submit argument leads to unrestricted upload. The attack can be...

CVE-2011-5179

Cross-site scripting XSS vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter...

CVE-2012-0901

Cross-site scripting XSS vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter...

CVE-2008-1550

Multiple cross-site scripting XSS vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via 1 the a parameter in a searchStr action and the 2 Submit parameter...

CVE-2005-1782

Multiple cross-site scripting XSS vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to 1 addreview.htm, 2 suggestreview.htm, 3 suggestcategory.htm, 4 addbooklist.htm, or 5 addurl.htm, the isbn parameter to 6 addreview.htm, ...

CVE-2004-2656

Multiple cross-site scripting XSS vulnerabilities in Slashdot Like Automated Storytelling Homepage Slash aka Slashcode before R25041 allow remote attackers to inject arbitrary web script or HTML via 1 the topic parameter in search.pl and 2 the filter parameter in submit.pl...