Lucene search
K

43 matches found

CNNVD
CNNVD
added 2025/01/25 12:0 a.m.3 views

WordPress plugin Broadstreet 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.9AI score0.00306EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/25 12:0 a.m.4 views

PT-2025-1695 · WordPress · Broadstreet

Name of the Vulnerable Software and Affected Versions: Broadstreet plugin for WordPress versions up to, and including, 1.50.3 Description: The issue is related to Stored Cross-Site Scripting via the zone parameter due to insufficient input sanitization and output escaping. This allows authenticat...

6.4CVSS6.1AI score0.00306EPSS
Exploits0References8
OSV
OSV
added 2024/01/11 4:15 p.m.5 views

CVE-2024-23057

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function...

9.8CVSS5.8AI score0.0164EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.5 views

PT-2023-29069 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01 Description: A stack overflow issue was discovered via the timeZone parameter in the fromSetSysTime function. This issue can be exploited, potentially leading to unauthorized...

9.8CVSS7.4AI score0.0091EPSS
Exploits0References5
CNVD
CNVD
added 2023/09/01 12:0 a.m.4 views

Tenda AC7 timeZone Parameter Stack Buffer Overflow Vulnerability

The Tenda AC7 is a dual-band wireless router with a strong signal and stable performance for large, multi-bedroom users. The Tenda AC7 suffers from a stack buffer overflow vulnerability that originates from the timeZone parameter of /goform/SetSysTimeCfg failing to correctly validate the length a...

9.8CVSS6.5AI score0.00701EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/08/24 6:15 p.m.9 views

CVE-2023-40898

Tenda AC8 v4 USAC8V4.0siV16.03.34.06cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg...

9.8CVSS5.8AI score0.00701EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2023/08/11 12:0 a.m.9 views

The vulnerability of the sub_44db3c() function in Tenda AC8 router software allows a hacker to execute arbitrary code or cause service failures.

The vulnerability of the sub44db3c function in Tenda AC8 router microprogramming software is related to the execution of operations outside the buffer in memory when processing the timeZone parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a...

10CVSS8.7AI score0.02089EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/16 12:0 a.m.6 views

PT-2023-4254 · Tenda · Tenda Ac8

Name of the Vulnerable Software and Affected Versions: Tenda AC8 versions prior to V4.0-V16.03.34.06 Description: The issue is related to a buffer overflow in the sub 44db3c function when handling the timeZone parameter. This can be exploited by a remote attacker to execute arbitrary code or caus...

10CVSS8.8AI score0.02089EPSS
Exploits2References7
OSV
OSV
added 2022/10/19 7:15 p.m.6 views

CVE-2022-43028

Tenda TX3 USTX3V1.0brV16.03.13.11multiTDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg...

9.8CVSS5.9AI score0.00755EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.6 views

Tenda TX3 缓冲区错误漏洞

Tenda TX3 is a wireless router from Tenda, a Chinese company. A security vulnerability exists in Tenda TX3 that originates from a stack overflow contained in the timeZone parameter of /goform/SetSysTimeCfg. No details of the vulnerability are provided at this time...

9.8CVSS7.3AI score0.00755EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/04/01 12:0 a.m.10 views

PT-2022-2516 · D Link · D-Link Dir-823-Pro

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823-Pro version 1.0.2 Description: The issue is related to the implementation of the SetNTPserverSeting function in the D-Link DIR-823-Pro wireless router's firmware, which fails to properly sanitize data at the management level...

10CVSS9.8AI score0.27462EPSS
Exploits1References5
OSV
OSV
added 2022/03/15 10:15 p.m.5 views

CVE-2022-27000

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the hprimaryntpserver, hbackupntpserver, and htimezone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

9.8CVSS7.5AI score0.03453EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.4 views

ARRIS SBR-AC1900P和ARRIS SBR-AC3200P 操作系统命令注入漏洞

ARRIS SBR-AC1900P, SBR-AC3200P and SBR-AC1200P is a Wi-Fi router from ARRIS USA. Multiple ARRIS products are vulnerable to a command injection vulnerability, which stems from the TimeZone parameter in the ntp function failing to properly filter the construct command special characters, commands,...

9.8CVSS5.9AI score0.02718EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.8 views

ARRIS TR3300 命令注入漏洞

ARRIS TR3300 is an 802.11ac Wi-Fi router from ARRIS U.S.A. A command injection vulnerability exists in ARRIS TR3300, which stems from the failure of the htimezone parameter in the time zone function to properly filter the construct command special characters, commands, etc. The vulnerability can ...

10CVSS6AI score0.03453EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/04 2:15 a.m.6 views

CVE-2022-24148

Tenda AX3 v16.03.12.10CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter...

9.8CVSS7.6AI score0.02724EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/04 2:15 a.m.9 views

CVE-2022-24163

Tenda AX3 v16.03.12.10CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service DoS via the timeZone parameter...

7.8CVSS7.2AI score0.01175EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/04 2:15 a.m.8 views

CVE-2022-24143

Tenda AX3 v16.03.12.10CN and AX12 22.03.01.2CN was discovered to contain a stack overflow in the function formfastsettingwifiset. This vulnerability allows attackers to cause a Denial of Service DoS via the timeZone parameter...

7.8CVSS7.2AI score0.01175EPSS
Exploits1References2
OSV
OSV
added 2022/02/04 2:15 a.m.5 views

CVE-2022-24143

Tenda AX3 v16.03.12.10CN and AX12 22.03.01.2CN was discovered to contain a stack overflow in the function formfastsettingwifiset. This vulnerability allows attackers to cause a Denial of Service DoS via the timeZone parameter...

7.5CVSS7.2AI score0.01175EPSS
Exploits1References1
OSV
OSV
added 2021/10/29 11:15 a.m.8 views

CVE-2020-22079

Stack-based buffer overflow in Tenda AC-10U AC1200 Router USAC10UV1.0RTLV15.03.06.48multiTDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg...

9.8CVSS8AI score0.04004EPSS
Exploits1References3
Prion
Prion
added 2008/06/26 5:41 p.m.12 views

Directory traversal

Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the zone parameter...

7.5CVSS7.6AI score0.03093EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder