15 matches found
CVE-2026-9363 Edimax EW-7438RPn POST Request formEZCHNwlanSetu formEZCHNwlanSetup command injection
A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the function formEZCHNwlanSetup of the file /goform/formEZCHNwlanSetu of the component POST Request Handler. Performing a manipulation of the argument method results in command injection. Remote exploitation of the attack ...
CVE-2025-64579
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
EUVD-2004-2563
Malware in sbrugna...
D-Link DIR-513 Buffer Overflow Vulnerability (CNVD-2025-23468)
D-Link DIR-513 is a wireless router product from China's AUO D-Link. The D-Link DIR-513 suffers from a buffer overflow vulnerability due to incorrect manipulation of the parameter webpage in the file /goform/formWPS. No details of the vulnerability are provided at this time...
TOTOLINK A3002R Security Vulnerability
The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. A buffer overflow vulnerability exists in the TOTOLINK A3002R. The vulnerability stems from the fwip...
CVE-2025-7082 Belkin F9K1122 webs formBSSetSitesurvey os command injection
A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this issue is the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey of the component webs. The manipulation of the argument wanipaddr/wannetmask/wangateway/wlssid is directly passed by t...
D-Link DIR-605L formSetWanPPTP Function Buffer Overflow Vulnerability
The D-Link DIR-605L is the first cloud router from AUO, aimed at home and small office network environments. The D-Link DIR-605L suffers from a buffer overflow vulnerability that originates from the webpage parameter of the formSetWanPPTP function in the /goform/formSetWanPPTP page that fails to...
Tiempo.com <= 0.1.2 - Stored XSS via CSRF
The plugin does not have a CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. Make a logged-in admin open a page with the code below: input type="hid...
CVE-2020-13186
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link...
PHPCMS V9 Full Version Has Reflective XSS Vulnerability
PHPCMS is a web content management system based on PHP and MySQL. The full version of PHPCMS V9 has a reflected XSS vulnerability. An attacker can use this vulnerability to insert XSS code into a web form, trigger pop-up boxes, and access user cookies and other sensitive...
Reflected Cross-Site Scripting Vulnerability in 'keyword' Parameter of Qibo Classifieds Information System
Qibo Classifieds Information System is an open source content management system. Its 'keyword' parameter has a reflected cross-site scripting vulnerability that allows an attacker to insert XSS code into a web form, which poses a security risk of...
cPanel 11.x - Cross-Site Request Forgery (Edit E-mail)
cPanel 11.x - Cross-Site Request Forgery Edit E-mail Exploit Title: Cpanel 11.X Edit E-mail Cross Site Request Forgery exploit Date: 22 - 10 - 2010 Author: Mon7rF Mail : [email protected] Tested on: Windows 7 ...
CGI RESCUE WebFORM allows unauthorized email transmission
Overview: WebFORM from CGI RESCUE is software which delivers HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, an...
CGI RESCUE WebFORM vulnerable to cross-site scripting
Overview: WebFORM, released by CGI RESCUE, is a CGI script written in Perl that allows a user to send email messages via an HTML form. WebFORM contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: None...
Leif M. Wright simplestmail.cgi 1.0 - Remote Command Execution
Leif M. Wright simplestmail.cgi 1.0 - Remote Command Execution source: https://www.securityfocus.com/bid/2102/info A vulnerability exists in Leif M. Wright's simplestmail.cgi, a script designed to coordinate email responses from web forms. An insecurely-structured call to the open function leads t...