
57 matches found

OSV
added 2023/08/15 8:15 p.m. · 0 views

CVE-2023-38866

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and displayname...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1
ATTACKERKB
added 2023/07/17 2:15 p.m. · 0 views

CVE-2023-31852

Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless/config via the iface parameter...

6.1 CVSS · 5.7 AI score · 0.00741 EPSS
Exploits 2 · References 3
CNNVD
added 2023/07/17 12:0 a.m. · 0 views

Cudy Technology LT400 cross-site scripting vulnerability

The Cudy Technology LT400 is a wireless router from the Chinese company Cudy Technology. A security vulnerability exists in the Cudy Technology LT400 version 1.13.4, which originates from a security issue in the iface parameter in cgi-bin/luci/admin/network/wireless/config...

6.1 CVSS · 6.2 AI score · 0.00741 EPSS
Exploits 2 · References 3
Positive Technologies
added 2023/05/17 12:0 a.m. · 3 views

PT-2023-21296 · Sourcecodester · Sourcecodester Online Exam System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Exam System version 1.0
Description: A critical vulnerability was found in the SourceCodester Online Exam System, affecting unknown code of the file /kelasdosen/data. The manipulation of the argument columns1data leads t...

8.8 CVSS · 7.5 AI score · 0.00297 EPSS
Exploits 1 · References 6
OSV
added 2023/01/11 2:15 a.m. · 2 views

CVE-2022-43391

A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15ACCC.3C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request...

6.5 CVSS · 6.1 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/01/11 12:0 a.m. · 2 views

PT-2023-1416 · Zyxel · Zyxel Nr7101

Name of the Vulnerable Software and Affected Versions: Zyxel NR7101 firmware versions prior to V1.15ACCC.3C0
Description: The issue is caused by a buffer overflow vulnerability in the parameter of the CGI program. This could allow an authenticated attacker to cause denial-of-service (DoS) condition...

7.5 CVSS · 6.5 AI score · 0.01418 EPSS
Exploits 0 · References 5
OSV
added 2022/07/20 2:15 p.m. · 1 views

CVE-2022-34609

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /doping.asp...

9.8 CVSS · 5.8 AI score · 0.00221 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2022/07/20 2:15 p.m. · 0 views

CVE-2022-34604

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /dotrace.asp...

9.8 CVSS · 6 AI score · 0.00459 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2022/07/20 2:15 p.m. · 0 views

CVE-2022-34609

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /doping.asp...

9.8 CVSS · 6 AI score · 0.00221 EPSS
Exploits 1 · References 2
CNNVD
added 2022/07/20 12:0 a.m. · 1 views

H3C Magic R200 buffer error vulnerability

The H3C Magic R200 is a router from China's Xinhua San H3C. A security vulnerability exists in the H3C Magic R200 R200V200R004L02 version, which stems from the INTF parameter in dotrace.asp found to contain a stack overflow...

9.8 CVSS · 8.6 AI score · 0.00459 EPSS
Exploits 1 · References 2
CNNVD
added 2021/06/09 12:0 a.m. · 1 views

RaspAP operating system command injection vulnerability

RaspAP is a simple wireless AP setup and management for Debian-based devices. An operating system command injection vulnerability exists in RaspAP, which stems from the failure to properly filter "interface", "ssid" in /hostapd in RaspAP versions 2.6 through 2.6.5, ";", "$" and other special...

9 CVSS · 8.4 AI score · 0.00806 EPSS
Exploits 1 · References 3
OSV
added 2021/02/16 1:15 p.m. · 1 views

CVE-2020-24841

PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...

9.8 CVSS · 5.8 AI score · 0.00419 EPSS
Exploits 1 · References 2
Positive Technologies
added 2020/02/12 12:0 a.m. · 2 views

PT-2020-15319 · Jenkins · Jenkins Git Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git Parameter Plugin versions 0.9.11 and earlier
Description: The issue results in a stored cross-site scripting vulnerability. It is exploitable by users with Job/Configure permission due to the parameter name not being escaped on th...

5.4 CVSS · 5.2 AI score · 0.00121 EPSS
Exploits 0 · References 7
OSV
added 2020/02/03 11:15 a.m. · 1 views

CVE-2020-3927

An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter...

7.5 CVSS · 7.2 AI score · 0.00411 EPSS
Exploits 0 · References 2
CNVD
added 2018/01/26 12:0 a.m. · 2 views

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2018-02621)

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in CMS Made Simple CMSMS 2.2.5. The vulnerability can be exploited to conduct cross-site scripting attacks via the m1messages...

4.8 CVSS · 6.2 AI score · 0.00279 EPSS
Exploits 1 · References 1
OSV
added 2018/01/13 12:29 a.m. · 1 views

CVE-2018-5655

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter...

6.1 CVSS · 5.8 AI score · 0.0021 EPSS
Exploits 1 · References 1
OSV
added 2016/02/16 3:59 p.m. · 1 views

CVE-2016-2387

Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571...

6.1 CVSS · 5.8 AI score · 0.00226 EPSS
Exploits 1 · References 4