Lucene search
39 matches found

OSV
added 2023/10/16 6:15 a.m. · 1 views

CVE-2023-45574

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and...

9.8 CVSS · 6.1 AI score
Exploits 0 · References 2
CNNVD
added 2023/10/16 12:0 a.m. · 1 views

D-Link DI-7003G Buffer Error Vulnerability

The D-Link DI-7003G is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DI-7003G, which can be exploited to execute arbitrary code via the fn parameter of the file.data function...

9.8 CVSS · 7.8 AI score · 0.22627 EPSS
Exploits 1 · References 3
CNNVD
added 2023/10/16 12:0 a.m. · 2 views

D-Link DI-7003G Buffer Error Vulnerability

The D-Link DI-7003G is a wireless router from China-based D-Link. A security vulnerability exists in the D-Link DI-7003G, which can be exploited to execute arbitrary code via the fn parameter of the tgfile.htm function...

9.8 CVSS · 7.8 AI score · 0.08152 EPSS
Exploits 1 · References 2
Vulnrichment
added 2022/11/03 12:0 a.m. · 5 views

CVE-2022-43106

Tenda AC23 V16.03.07.45cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function...

9.7 AI score · 0.0036 EPSS
Exploits 1 · References 1
NVD
added 2022/09/13 8:15 p.m. · 12 views

CVE-2022-20385

a function called 'nlaparse', do not check the len of para, it will check nlatype which can be controlled by userspace with 'maxtype' in this case, it is GSCANMAX, then it access policy array 'policytype', which OOB access happens. Product: Android Versions: Android SoC Android ID: A-238379819...

9.8 CVSS · 0.00151 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/09/13 12:0 a.m. · 1 views

PT-2022-23864 · Cuppacms · Cuppacms

Name of the Vulnerable Software and Affected Versions: CuppaCMS version 1.0. Description: The issue allows an authenticated user to execute remote code, providing control over certain parameters. Specifically, the /api/index.php API endpoint is affected, where an attacker can manipulate the action...

8.8 CVSS · 8.6 AI score · 0.81072 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2022/09/08 12:15 a.m. · 1 views

CVE-2022-37778

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the currenttime parameter of the time function...

7.2 CVSS · 7.3 AI score · 0.02965 EPSS
Exploits 1 · References 2
NVD
added 2022/08/25 3:15 p.m. · 13 views

CVE-2022-37801

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand...

9.8 CVSS · 0.00459 EPSS
Exploits 1 · References 1
GithubExploit
added 2022/01/25 6:5 p.m. · 2 views

Authenticated-RCE-CuppaCMS

Authenticated-RCE-CuppaCMS CuppaCMS is vulnerable to Authentic...

7.6 AI score
Exploits 0
Code423n4
added 2021/05/19 12:0 a.m. · 6 views

Incompatibility with deflationary / fee-on-transfer tokens

Handle: cmichel. Vulnerability details: The DInterest.deposit function takes a depositAmount parameter but this parameter is not the actual transferred amount for fee-on-transfer / deflationary or other rebasing tokens. Impact: The actual deposited amount might be lower than the...

6.9 AI score
Exploits 0
Cvelist
added 2020/04/15 6:20 a.m. · 15 views

CVE-2020-10514 iCatch DVR - Command Injection

iCatch DVR firmware before 20200103 does not validate function parameters properly, resulting in attackers executing arbitrary commands...

8.8 CVSS · 8.8 AI score · 0.00408 EPSS
Exploits 0 · References 2
OSV
added 2019/03/21 4:1 p.m. · 0 views

CVE-2019-7418

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.2508-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc...

6.1 CVSS · 5.8 AI score · 0.00465 EPSS
Exploits 2 · References 4
NVD
added 2018/02/20 3:29 p.m. · 13 views

CVE-2018-6459

The rsapssparamsparse function in libstrongswan/credentials/keys/signatureparams.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter...

5.3 CVSS · 5.7 AI score · 0.00229 EPSS
Exploits 0 · References 3
NVD
added 2017/07/26 8:29 a.m. · 9 views

CVE-2017-11629

dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request...

6.1 CVSS · 6 AI score · 0.00433 EPSS
Exploits 1 · References 1
Prion
added 2017/07/26 8:29 a.m. · 11 views

Cross site scripting

dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request...

4.3 CVSS · 6 AI score · 0.00433 EPSS
Exploits 1 · References 1 · Affected Software 1
myhack58
added 2012/10/12 12:0 a.m. · 22 views

akcms code execution vulnerability-vulnerability warning-the black bar safety net

Last week digging out of the akcms background stencil getshell feeling nothing new, and then carefully looked at the code, found a comparison with “the future” of the hole, the code execution vulnerability, and the problem function is that the authors provided to the station user for secondary...

1.8 AI score
Exploits 0
Prion
added 2009/12/28 7:0 p.m. · 12 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticketfunction.php, reachable through ticketsubmit.php and index.php; (c) the which parameter to...

4.3 CVSS · 6.1 AI score · 0.02973 EPSS
Exploits 1 · References 9 · Affected Software 1
Prion
added 2006/06/03 1:2 a.m. · 10 views

Directory traversal

Directory traversal vulnerability in index.php in iBoutique.MALL and possibly iBoutique allows remote attackers to read arbitrary files via ".." sequences in the function parameter...

5 CVSS · 7.3 AI score · 0.00229 EPSS
Exploits 0 · References 3
Prion
added 2006/03/28 11:6 a.m. · 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in BlankOL 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file or (2) function parameter...

5.8 CVSS · 6.1 AI score · 0.00973 EPSS
Exploits 0 · References 6 · Affected Software 1