255 matches found
CVE-2025-9151
A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /webconfig/json/name/web. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The...
ThriveX-Blog 安全漏洞
ThriveX-Blog is a blog management system by the individual developer LiuYuYang01. A security vulnerability exists in ThriveX-Blog 3.1.7 and earlier versions, which originates from an improper authorization issue in the function updateJsonValueByName in the file /webconfig/json/name/web...
The vulnerability of the formSetSafeWanWebMan() function (/goform/SetRemoteWebCfg) in the Tenda AC15 router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the formSetSafeWanWebMan function /goform/SetRemoteWebCfg in the Tenda AC15 router software exists because the operation is performed outside the buffer in memory when processing the remoteIp parameter. Exploiting this vulnerability could allow a malicious actor to compromise...
CVE-2025-5853 Tenda AC6 SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow
A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely...
CVE-2023-22452
kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...
CVE-2023-4462
A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250,...
CVE-2023-0432
The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system OS from the device in the context of the user "root." If the attacker has credentials for the web service, then the...
CVE-2023-35835
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication such as an encryption key and persists permanently, including after enrollment and setup is complete. The WiF...
CVE-2020-13124
SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system...
CVE-2020-18885
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/webconfig.php'...
CVE-2020-18229
Cross Site Scripting XSS in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfgcopyright" of component " /admin/webconfig.php"...
CVE-2019-13523
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs Network Video Recorders, which can be accessed without authentication over the network...
CVE-2019-13923
A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway All versions. The integrated configuration web server of the affected device could allow Cross-Site Scripting XSS attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for ...
CVE-2025-22370
Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized...
CVE-2025-22370 Mennekes smart/premium charges systems, SQL Injection in web configuration interface
Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized...
TOTOLINK A3000Ru 安全漏洞
The TOTOLINK A3000RU is a home wireless router. The TOTOLINK A3000RU suffers from a hard-coded password vulnerability that originates from the use of hard-coded passwords in the /webcste/cgi-bin/product.ini file. An attacker can exploit the vulnerability by using a hard-coded password to access t...
CVE-2024-3498
Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL...
CVE-2024-3498 Incorrect Permission Assignment Privilege Escalation Vulnerability
Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL...
CVE-2024-3498 Incorrect Permission Assignment Privilege Escalation Vulnerability
Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL...
CVE-2024-3498
Summary of CVE-2024-3498 : Affects Toshiba e-STUDIO/Tec MFPs where an improper permission assignment enables attackers who can access the device to enable certain web-configured services and elevate privileges to root, potentially allowing arbitrary code execution. The issue is tied to multiple r...