EUVD-2022-55966

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

CVE-2022-50994

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

CVE-2022-50994

The affected product is DrayTek Vigor 2960 with firmware versions prior to 1.5.1.4. The vulnerability is an OS command injection in the CGI login handler, exploitable by an unauthenticated remote attacker who injects shell metacharacters into the formpassword parameter; the input reaches the otp_...

CVE-2022-50994 DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

DrayTek Vigor 2960 操作系统命令注入漏洞

The DrayTek Vigor 2960 is a router product developed by DrayTek Corporation. Versions prior to 1.5.1.4 of the DrayTek Vigor 2960 contained an operating system command injection vulnerability. This vulnerability stemmed from issues with OS command injection in the CGI login processing mechanism. I...

PT-2026-38912

Name of the Vulnerable Software and Affected Versions DrayTek Vigor 2960 versions prior to 1.5.1.4 Description An OS command injection issue exists in the CGI login handler. Unauthenticated remote attackers can execute arbitrary commands with web server privileges by injecting shell metacharacter...

EUVD-2024-55086

kashipara School Management System 1.0 is vulnerable to Cross Site Scripting XSS via the formuser and formpassword parameters in /adminLogin.php...

CVE-2024-46334

kashipara School Management System 1.0 is vulnerable to Cross Site Scripting XSS via the formuser and formpassword parameters in /adminLogin.php...

CVE-2024-46334

kashipara School Management System 1.0 is vulnerable to Cross Site Scripting XSS via the formuser and formpassword parameters in /adminLogin.php...

PT-2025-47170

Name of the Vulnerable Software and Affected Versions kashipara School Management System version 1.0 Description The software is susceptible to Cross Site Scripting XSS. The issue affects the /adminLogin.php endpoint, specifically through the formuser and formpassword parameters. Successful...

CVE-2024-46334

CVE-2024-46334 affects Kashipara School Management System 1.0. The vulnerability is a Cross Site Scripting (XSS) flaw exploitable through the parameters formuser and formpassword in /adminLogin.php . The root cause is unvalidated/sanitized user input in this login endpoint, enabling scripts to be...

CVE-2024-46334

kashipara School Management System 1.0 is vulnerable to Cross Site Scripting XSS via the formuser and formpassword parameters in /adminLogin.php...