PT-2023-19995 · Loonflow · Loonflow

Name of the Vulnerable Software and Affected Versions: loonflow version r2.0.14 Description: A Server-Side Request Forgery SSRF issue allows attackers to force the application to make arbitrary requests via manipulation of the hook url parameter. This enables attackers to potentially access...

CVE-2018-14713

Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter...

CVE-2018-14712

Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter...

Format string

Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter...

Buffer overflow

Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter...

CVE-2018-14710

Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter...

Wonder CMS PHP Remote File Inclusion

Wonder CMS is an open source content management system CMS. A PHP remote file inclusion vulnerability exists in the editInplace.php file in Wonder CMS version 2014. A remote attacker can execute arbitrary PHP code with the help of the hook parameter in the URL...

CVE-2014-8705

The CVE-2014-8705 issue concerns Wonder CMS 2014, where editInplace.php is vulnerable to a PHP Remote File Inclusion. An attacker can trigger arbitrary PHP code execution by supplying a crafted URL in the hook parameter. Connected sources (CNVD-2017-03526) confirm the vulnerability exists in Wond...