6 matches found
CVE-2023-1097
Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party...
PT-2023-16751 · Baicells · Baicells Eg7035-M11
Name of the Vulnerable Software and Affected Versions: Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8. Description: The issue concerns improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and are executed with root permissions...
CVE-2017-16636
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via edit...
金窗 educational administration system: GET-based injection requiring a Referer header in /web/web/lanmu/lanmushow.asp and other locations (3 in total)
No description provided by source...
金窗 educational administration system: GET injection in /web/web/web/showfj.asp and other locations (14 in total)
No description provided by source...
SQL Injection Vulnerability in RuvarOA Collaboration Office Platform of Guangzhou Luhua Computer Co.
The RuvarOA collaborative office platform from Guangzhou Luhua Computer Co., Ltd is an enterprise office system. The product has a SQL injection vulnerability at /DepartmentPlan/departmentplanattachdownload.aspxsysfilestorageid= ; the vulnerable parameter is sysfilestorageid, the type of GET...