11 matches found
CVE-2025-47384
Transient DOS when MAC configures config id greater than supported maximum value...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from accessing oaconfig-id after releasing a lock in the xeoaaddconfigioctl function, which could lead to...
Advantech iView SQL Injection Vulnerability (CNVD-2025-31064)
Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that originates from an authentication bypass of the ztpconfigid parameter of the NetworkServlet...
CVE-2022-50591
Advantech iView prior to version v5.7.04 build 6425 contains a vulnerability in the SNMP management tool that lets remote attackers bypass authentication and perform a SQL injection in the ztp_config_id parameter of the NetworkServlet endpoint. Successful exploitation can lead to exfiltration of ...
EUVD-2021-34703
Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting XSS via BPI config ID handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2021-47696 Nagios XI < 5.8.0 XSS via BPI Config ID Handling
Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting XSS via BPI config ID handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2021-47696 Nagios XI < 5.8.0 XSS via BPI Config ID Handling
Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting XSS via BPI config ID handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
The vulnerability of the software for creating wireless routers based on Debian RaspAP, related to the lack of measures taken to clean data at the management level, allows a hacker to execute arbitrary commands.
The vulnerability of the software for creating wireless routers based on Debian RaspAP is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted POST request with t...
CVE-2022-39986
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfgid parameter in /ajax/openvpn/activateovpncfg.php and /ajax/openvpn/delovpncfg.php...
RaspAP Command Injection Vulnerability
RaspAP is a simple wireless AP setup and management for Debian-based devices. A security vulnerability exists in RaspAP versions 2.8.0 through 2.8.7 that stems from the presence of a command injection vulnerability. Allows an attacker to execute arbitrary commands via the parameter cfgid...
CVE-2019-12542
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter...