CVE-2023-33278

In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

PrestaShop SQL注入漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop 3.6.1 and prior versions, which stems from a sensitive SQL cal...

Remote code execution

Aigital Wireless-N Repeater MiniRouter v0.131229 was discovered to contain a remote code execution RCE vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request...

CVE-2022-46640

Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request...

PT-2023-1282 · Moxa · Moxa Sds-3008 Series Industrial Ethernet Switch

Name of the Vulnerable Software and Affected Versions: Moxa SDS-3008 Series Industrial Ethernet Switch version 2.1 Description: A denial of service issue exists in the web server functionality due to insufficient resources. Exploitation of this issue can allow a remote attacker to cause a denial ...

CVE-2022-34652

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules...

CVE-2022-27631

A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...

PT-2022-6671 · Asus · Asuswrt

Name of the Vulnerable Software and Affected Versions: Asuswrt versions prior to 3.0.0.4.386 48706 Asuswrt-Merlin New Gen versions prior to 386.7 Description: A memory corruption issue exists in the httpd unescape functionality. This can be triggered by a specially-crafted HTTP request, leading t...

CVE-2021-44414

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. DelUser param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44401

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. PtzCtrl param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44388

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Login param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-40416

An incorrect default permission vulnerability exists in the cgiserver.cgi cgicheckability functionality of reolink RLC-410W v3.0.0.13620121102. All the Get APIs that are not included in cgicheckability are already executable by any logged-in users. An attacker can send an HTTP request to trigger...

CVE-2022-21134

A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability...

PT-2022-12090 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The GetIsp param...

PT-2022-12066 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The SetNtp param...

PT-2022-12092 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The GetMask para...

PT-2022-11234 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi session creation functionality. This can be triggered by a specially-crafted HTTP request, preventing users from logging in. An...

PT-2022-12088 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The GetEnc param...

PT-2022-12084 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The SetPtzPreset...

PT-2022-11232 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: An authentication bypass issue exists in the cgiserver.cgi Login functionality. A specially-crafted HTTP request can lead to authentication bypass, allowing an attacker to send an HTTP...