75 matches found
CVE-2023-24153
A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
PT-2023-19434 · Totolink · Totolink Ca300-Poe
Name of the Vulnerable Software and Affected Versions: TOTOLINK CA300-PoE version 6.2c.884 Description: A command injection issue was found via the plugin version parameter in the setUnloadUserData function. This allows for potential command injection attacks. Recommendations: For TOTOLINK...
TOTOLINK T8 Command Injection Vulnerability
TOTOLINK T8 is a wireless dual-band router that is mainly used for internet connection and data transmission. TOTOLINK T8 suffers from a command injection vulnerability that stems from the version parameter of the recvSlaveCloudCheckStatus method failing to properly filter construct command speci...
Jenkins Plugin Package Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is application software. A cross-site scripting...
Jenkins Application Detector Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application. Jenkins Application Detector 1.0.8 and earlier versions have a cross-site scripting vulnerability that stems from the program not properly escaping the view of the display...
Jenkins Jira Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that suffers from a cross-site scripting vulnerability that stems from the application not escaping the names and descriptions of the Jira Issue and Jira Release Version...
MediaWiki Input Validation Error Vulnerability (CNVD-2021-35230)
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An input validation error vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems...
CVE-2021-31537
SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewegocheck.php (version and all other parameters)...
PT-2021-19426 · Mediawiki +2 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 Description: An issue was discovered in the Oauth extension for MediaWiki. It did not validate the length of the oarc version (also known as oauth registered consumer.oarc version) parameter. Recommendations: For...
MediaWiki Input Validation Error Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An input validation error vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems...
CVE-2019-3686
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security...
CVE-2018-13295
Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter...
Information disclosure
Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter...
CVE-2018-18600
The remote upgrade feature in Guardzilla GZ180 devices allows command injection via a crafted new firmware version parameter...
CMS Made Simple admin/moduleinterface.php Reflective Cross-Site Scripting Vulnerability
CMS Made Simple is a content management system developed using PHP, MySQL and Smarty template engine. A reflected cross-site scripting vulnerability exists in admin/moduleinterface.php in CMS Made Simple 2.2.7. The vulnerability can be exploited to conduct cross-site scripting attacks via the...
CVE-2018-10032
CMS Made Simple aka CMSMS 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1version parameter...