11 matches found
Code-Projects Simple Scheduling System SQL Injection Vulnerability
Simple Scheduling System is a simple scheduling system. Simple Scheduling System has a SQL injection vulnerability that originates from the starttime/endtime parameters in the /addtime.php file not being securely filtered. An attacker can exploit this vulnerability to execute malicious SQL comman...
Tenda RX3 Security Vulnerability
Tenda RX3 is a dual-band WiFi home wireless router from China's Tenda. A buffer overflow vulnerability exists in Tenda RX3. The vulnerability originates from a buffer overflow in the schedStartTime and schedEndTime parameters in /goform/saveParentControlInfo, which can lead to a denial of service...
D-Link DIR-823G Security Vulnerability
The D-Link DIR-823G is a wireless router from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-823G EndTime parameter due to incorrect boundary checking in the SetParentsControlInfo function, which can be exploited by an attacker to cause a denial of service...
PT-2023-5733 · D Link · D-Link Dir-823G
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G version A1V1.0.2B05 Description: The issue is related to a buffer overflow in the SetParentsControlInfo function when handling the EndTime parameter. This allows attackers to cause a Denial of Service (DoS) via a crafted input...
Tenda AC8 /goform/openSchedWifi Buffer Overflow Vulnerability
Tenda AC8 is a dual-band Gigabit wireless router from Tenda, designed for fiber optic homes up to 1000 megabytes, supporting dual-band concurrent transmission rates up to 1167Mbps, equipped with full Gigabit ports 1 WAN port + 3 LAN ports for 100-1000 megabit broadband access. The Tenda AC8 suffe...
PT-2023-27686
Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn Description: A stack overflow issue was discovered via parameters schedStartTime and schedEndTime at the "/goform/openSchedWifi" endpoint. Recommendations: For Tenda AC8 version US AC8V4.0si...
PT-2022-27158 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: The issue is a post-authentication buffer overflow that occurs via the parameters week, sTime, and eTime in the setParentalRules function. Recommendations: For TOTOLINK LR350 version...
CVE-2022-41524
TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function...
PT-2022-21076 · Totolink · Totolink T6
Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.9cu.5179 B20201015 Description: A stack overflow issue was discovered in the TOTOLINK T6, affecting the desc, week, sTime, and eTime parameters within the FUN 004133c4 function. Recommendations: For TOTOLINK T6 version...
CVE-2022-29641
TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request...
SQL Injection Vulnerability in KenCMS V1.1 Enterprise Member Experience System end_time Parameter
KenCMS is a content management system. A SQL injection vulnerability exists in the KenCMS V1.1 Enterprise Member Experience system. The lack of filtering of the 'endtime' parameter allows an attacker to exploit the vulnerability to obtain sensitive database information...