94 matches found

NVD
added 2026/03/11 5:16 p.m. | 1 views

CVE-2025-67036

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges...

CVSS 8.8 | EPSS 0.00043
Exploits 0 | References 3

CNNVD
added 2026/03/11 12:0 a.m. | 3 views

Lantronix EDS5000 security vulnerability

The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 2.1.0.0R3 version contains a security vulnerability. This vulnerability stems from improper handling of the parameter for the Log Info page file name. It could allow authenticat...

CVSS 8.8 | AI score 6.8 | EPSS 0.00043
Exploits 0 | References 3

CVE
added 2026/03/11 12:0 a.m. | 7 views

CVE-2025-67036

CVE-2025-67036 affects Lantronix EDS5000 series (notably 2.1.0.0R3) where the Log Info page allows log file viewing by name. A missing sanitization in the file name parameter enables an authenticated attacker to inject arbitrary OS commands, executed with root privileges, leading to a high-severi...

CVSS 8.8 | AI score 5.9 | EPSS 0.00043
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2026/03/11 12:0 a.m. | 23 views

CVE-2025-67036

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges...

EPSS 0.00043
Exploits 0 | References 3

Positive Technologies
added 2026/02/27 12:0 a.m. | 4 views

PT-2026-22364

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products id parameter. Attackers can modify the products id value in product info.php requests and append boolean-based SQL injection...

CVSS 8.8 | AI score 6 | EPSS 0.00138
Exploits 1 | References 4

EUVD
added 2025/12/30 9:30 p.m. | 1 views

EUVD-2025-205838

A Stored Cross-Site Scripting XSS vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meetingroom parameter and executed when users visit the Conference Info page, allowing attackers...

AI score 4.8 | EPSS 0.00034
Exploits 1 | References 3

Cvelist
added 2025/12/30 9:2 p.m. | 22 views

CVE-2025-15357 D-Link DI-7400G+ msp_info.htm command injection

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /mspinfo.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVSS 6.5 | EPSS 0.0006
Exploits 1 | References 5

Vulnrichment
added 2025/12/30 9:2 p.m. | 5 views

CVE-2025-15357 D-Link DI-7400G+ msp_info.htm command injection

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /mspinfo.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVSS 6.5 | AI score 6.7 | EPSS 0.0006
Exploits 1 | References 5

OSV
added 2025/12/30 8:16 p.m. | 0 views

CVE-2025-66823

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page conference url/info...

CVSS 5.4 | AI score 5.9 | EPSS 0.00026
Exploits 1 | References 2

NVD
added 2025/12/30 8:16 p.m. | 2 views

CVE-2025-66823

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page conference url/info...

CVSS 5.4 | EPSS 0.00026
Exploits 1 | References 2

OSV
added 2025/12/30 7:15 p.m. | 7 views

CVE-2025-66824

A Stored Cross-Site Scripting XSS vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meetingroom parameter and executed when users visit the Conference Info page, allowing attackers...

CVSS 8.7 | AI score 5.8 | EPSS 0.00034
Exploits 1 | References 2

Vulnrichment
added 2025/12/30 12:0 a.m. | 2 views

CVE-2025-66823

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page conference url/info...

AI score 6.7 | EPSS 0.00026
Exploits 1 | References 2

Cvelist
added 2025/12/30 12:0 a.m. | 19 views

CVE-2025-66823

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page conference url/info...

EPSS 0.00026
Exploits 1 | References 2

Positive Technologies
added 2025/12/30 12:0 a.m. | 4 views

PT-2025-54221

Name of the Vulnerable Software and Affected Versions TrueConf versions 5.5.2.10813 Description A flaw exists in TrueConf server version 5.5.2.10813 that allows for the injection of arbitrary HTML code through the conference description field. This issue is present in the Create/Edit conference...

CVSS 5.4 | AI score 7.1 | EPSS 0.00026
Exploits 1 | References 6

CVE
added 2025/12/30 12:0 a.m. | 10 views

CVE-2025-66824

TrueConf Server v5.5.2.10813 is affected by a Stored XSS in the Meeting location field (Create/Edit Conference) where input in the meeting_room parameter is stored and executed on the Conference Info page, enabling full Account Takeover (ATO). Root cause: improper sanitization of user-supplied in...

CVSS 8.7 | AI score 4.9 | EPSS 0.00034
Exploits 1 | References 2 | Affected Software 1

Positive Technologies
added 2025/12/30 12:0 a.m. | 2 views

PT-2025-54215

Name of the Vulnerable Software and Affected Versions TrueConf Server version 5.5.2.10813 Description A Stored Cross-Site Scripting XSS issue exists in the Meeting location field within the Create/Edit Conference functionality. The issue is due to improper sanitization of user-supplied input in t...

CVSS 8.7 | AI score 5.3 | EPSS 0.00034
Exploits 1 | References 7

Vulnrichment
added 2025/12/30 12:0 a.m. | 2 views

CVE-2025-66824

A Stored Cross-Site Scripting XSS vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meetingroom parameter and executed when users visit the Conference Info page, allowing attackers...

AI score 4.9 | EPSS 0.00034
Exploits 1 | References 2

CVE
added 2025/12/30 12:0 a.m. | 7 views

CVE-2025-66823

CVE-2025-66823 describes an HTML injection vulnerability in TrueConf Server 5.5.2.10813 in the conference description field. The issue allows an attacker to inject arbitrary HTML in Create/Edit conference functionality, with execution when the victim views the Conference Info page. Affected compo...

CVSS 5.4 | AI score 6.7 | EPSS 0.00026
Exploits 1 | References 2 | Affected Software 1

RedhatCVE
added 2025/12/04 12:30 p.m. | 5 views

CVE-2025-13795

A weakness has been identified in codingWithElias School Management System up to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01. Affected is an unknown function of the file /student-view.php of the component Edit Student Info Page. This manipulation of the argument First Name causes cross site scriptin...

CVSS 4.8 | AI score 5.3 | EPSS 0.00025
Exploits 0 | References 1

EUVD
added 2025/12/01 12:30 a.m. | 3 views

EUVD-2025-199939

A weakness has been identified in codingWithElias School Management System up to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01. Affected is an unknown function of the file /student-view.php of the component Edit Student Info Page. This manipulation of the argument First Name causes cross site scriptin...

CVSS 4.8 | AI score 5 | EPSS 0.00025
Exploits 0 | References 5