46 matches found
CVE-2024-51151
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the mspinfohtm function via the flag parameter and cmd parameter...
PT-2023-31738 · Totolink · Totolink Ex1800T
Name of the Vulnerable Software and Affected Versions: TOTOlink EX1800T version 9.1.0cu.2112 B20220316 Description: The issue allows for unauthorized arbitrary command execution. This is achieved through the langFlag parameter of the "setLanguageCfg" interface in the "cstecgi.cgi" endpoint...
CVE-2022-35523
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter delmac and parameter flag, which leads to command injection in page /cliblacklist.shtml...
PT-2022-22886 · Wavlink · Wavlink Wn530H4 +4
Name of the Vulnerable Software and Affected Versions: WAVLINK WN572HP3 WAVLINK WN533A8 WAVLINK WN530H4 WAVLINK WN535G3 WAVLINK WN531P3 Description: The issue concerns a lack of filtering on the del mac and flag parameters in the firewall.cgi, leading to command injection in the /cli black...
TOTOLINK A720R Stack Overflow Vulnerability (CNVD-2022-17121)
TOTOLINK A720R is a wireless router.TOTOLINK A720R v4.1.5cu.470B20200911 is vulnerable to a stack overflow vulnerability, which can be exploited by attackers to cause a denial of service DoS via the flag parameter...
CVE-2021-45739
TOTOLINK A720R v4.1.5cu.470B20200911 was discovered to contain a stack overflow in the FormLogin function. This vulnerability allows attackers to cause a Denial of Service DoS via the flag parameter...
PT-2022-12381 · Totolink · Totolink A720R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A720R version 4.1.5cu.470 B20200911 Description: A stack overflow was discovered in the Form Login function, allowing attackers to cause a Denial of Service DoS via the flag parameter. Recommendations: For TOTOLINK A720R version...
Totolink A720R 缓冲区错误漏洞
TOTOLINK A720R is a wireless router.TOTOLINK A720R v4.1.5cu.470B20200911 is vulnerable to a stack overflow vulnerability, which can be exploited by attackers to cause a denial of service DoS via the flag parameter...
CVE-2020-18877
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'...
Sql injection
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'...
CVE-2018-8879
Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters ar...
CVE-2018-8879
Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters ar...
Command Injection
opencv is vulnerable to command injection. User input is not validated for the flag parameter, which would allow an attacker to inject and execute arbitrary commands...
CVE-2019-7418
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.2508-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc...
ASUS RT-N14UHP 'flag' parameter cross-site scripting vulnerability
The ASUS RT-N14UHP is a wireless router device from ASUS. A cross-site scripting vulnerability exists in the 'flag' parameter in ASUS RT-N14UHP devices prior to version 3.0.0.4.380.8015. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2017-12590
ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter...
CVE-2017-12590
ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter...
SQL Injection Vulnerability in CMS ArticleAction.class.php Page
Fargo CMS is a marketing enterprise building system based on PHP + MYSQL as the core development. A SQL injection vulnerability exists in the CMS ArticleAction.class.php page. The vulnerability is due to the system flag parameter does not filter the data submitted by the user, a remote attacker c...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the 1 nextpage, 2 groupid, 3 actionscript, or 4 flag parameter to startapply.htm...
CVE-2015-2681
Multiple cross-site scripting XSS vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the 1 nextpage, 2 groupid, 3 actionscript, or 4 flag parameter to startapply.htm...