43 matches found
WordPress plugin Broadstreet 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-1695 · WordPress · Broadstreet
Name of the Vulnerable Software and Affected Versions: Broadstreet plugin for WordPress versions up to, and including, 1.50.3 Description: The issue is related to Stored Cross-Site Scripting via the zone parameter due to insufficient input sanitization and output escaping. This allows authenticat...
CVE-2024-23057
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function...
PT-2023-29069 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01 Description: A stack overflow issue was discovered via the timeZone parameter in the fromSetSysTime function. This issue can be exploited, potentially leading to unauthorized...
Tenda AC7 timeZone Parameter Stack Buffer Overflow Vulnerability
The Tenda AC7 is a dual-band wireless router with a strong signal and stable performance for large, multi-bedroom users. The Tenda AC7 suffers from a stack buffer overflow vulnerability that originates from the timeZone parameter of /goform/SetSysTimeCfg failing to correctly validate the length a...
CVE-2023-40898
Tenda AC8 v4 USAC8V4.0siV16.03.34.06cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg...
The vulnerability of the sub_44db3c() function in Tenda AC8 router software allows a hacker to execute arbitrary code or cause service failures.
The vulnerability of the sub44db3c function in Tenda AC8 router microprogramming software is related to the execution of operations outside the buffer in memory when processing the timeZone parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a...
PT-2023-4254 · Tenda · Tenda Ac8
Name of the Vulnerable Software and Affected Versions: Tenda AC8 versions prior to V4.0-V16.03.34.06 Description: The issue is related to a buffer overflow in the sub 44db3c function when handling the timeZone parameter. This can be exploited by a remote attacker to execute arbitrary code or caus...
CVE-2022-43028
Tenda TX3 USTX3V1.0brV16.03.13.11multiTDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg...
Tenda TX3 缓冲区错误漏洞
Tenda TX3 is a wireless router from Tenda, a Chinese company. A security vulnerability exists in Tenda TX3 that originates from a stack overflow contained in the timeZone parameter of /goform/SetSysTimeCfg. No details of the vulnerability are provided at this time...
PT-2022-2516 · D Link · D-Link Dir-823-Pro
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823-Pro version 1.0.2 Description: The issue is related to the implementation of the SetNTPserverSeting function in the D-Link DIR-823-Pro wireless router's firmware, which fails to properly sanitize data at the management level...
CVE-2022-27000
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the hprimaryntpserver, hbackupntpserver, and htimezone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
ARRIS SBR-AC1900P和ARRIS SBR-AC3200P 操作系统命令注入漏洞
ARRIS SBR-AC1900P, SBR-AC3200P and SBR-AC1200P is a Wi-Fi router from ARRIS USA. Multiple ARRIS products are vulnerable to a command injection vulnerability, which stems from the TimeZone parameter in the ntp function failing to properly filter the construct command special characters, commands,...
ARRIS TR3300 命令注入漏洞
ARRIS TR3300 is an 802.11ac Wi-Fi router from ARRIS U.S.A. A command injection vulnerability exists in ARRIS TR3300, which stems from the failure of the htimezone parameter in the time zone function to properly filter the construct command special characters, commands, etc. The vulnerability can ...
CVE-2022-24148
Tenda AX3 v16.03.12.10CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter...
CVE-2022-24163
Tenda AX3 v16.03.12.10CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service DoS via the timeZone parameter...
CVE-2022-24143
Tenda AX3 v16.03.12.10CN and AX12 22.03.01.2CN was discovered to contain a stack overflow in the function formfastsettingwifiset. This vulnerability allows attackers to cause a Denial of Service DoS via the timeZone parameter...
CVE-2022-24143
Tenda AX3 v16.03.12.10CN and AX12 22.03.01.2CN was discovered to contain a stack overflow in the function formfastsettingwifiset. This vulnerability allows attackers to cause a Denial of Service DoS via the timeZone parameter...
CVE-2020-22079
Stack-based buffer overflow in Tenda AC-10U AC1200 Router USAC10UV1.0RTLV15.03.06.48multiTDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg...
Directory traversal
Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the zone parameter...