332 matches found
CVE-2021-41695
An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php...
Belloo SQL Injection Vulnerability
Belloo, a "high quality" dating software from Belloo, is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the ip parameter of connect.php, and can be exploited to execute illegal SQL commands to steal sensitive data from the database. sensitiv...
CVE-2020-18013
SQL Injection vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?adminbanned/add.htm...
SQL injection
SQL Injection vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?adminbanned/add.htm...
CVE-2020-18013
CVE-2020-18013 describes an SQL injection in Whatsns 4.0, exploitable through the ip parameter in index.php?admin_banned/add.htm. Root cause: failure to filter special characters in the ip parameter. Impact stated in connected docs: ability to execute SQL statements. No remediation details are pr...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description Reflected XSS in ping.php as IP parameter is not sanitized. 🕵️♂️ Proof of Concept Vulnerable Code: Ping Payload: Ping alert1 ? 💥 Impact This vulnerability is capable of reflected XSS...
CVE-2021-25812
Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/setonlineclient...
China Mobile An Lianbao WF-1 Command Injection Vulnerability
The China Mobile An Lianbao WF-1 is a router from China Mobile, China. A security vulnerability exists in China Mobile An Lianbao WF-1 1.01, which originates from a POST request to api ZRQos to set up an online client via the "ip" parameter...
Seacms 11.1 Remote Command Execution
Exploit Title: Seacms 11.1 - 'ip and weburl' Remote Command Execution Date: 20201212 Exploit Author: j5s Vendor Homepage: https://www.seacms.net/ Software Link: https://www.seacms.net/ Version: 11.1 POST /SeaCMS111/5f9js3/adminip.php?action=set HTTP/1.1 Host: 192.168.137.139 User-Agent: Mozilla/5...
D-Link DAP-136 IP Parameter Command Execution Vulnerability
The D-Link DAP-136 is a wireless network signal extender. The D-Link DAP-136 suffers from a security vulnerability in the handling of IP parameters, which allows remote attackers to exploit the vulnerability by submitting a special request that can be used in an application context to execute...
CVE-2020-15033
NeDi 1.9C is vulnerable to cross-site scripting (XSS) via the snmpget.php ip parameter. Multiple connected sources (Red Hat advisory, CNVD, CNVD CNVD-2020-44580, NVD entry, OpenVAS entry, PRION, CVE record) confirm the same detail. The exact root cause is not elaborated beyond the parameter-based...
PT-2020-14420 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the ajax mod...
Cayin Signage Media Player 3.0 Root Remote Command Injection
!/usr/bin/env python3 Cayin Signage Media Player 3.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.com Affected version: SMP-8000QD v3.0 SMP-8000 v3.0 SMP-6000 v3.0 Build 19025 SMP-6000 v1.0 Build 14246 SMP-6000 v1.0 Build 14199 SMP-6000...
Moxa AWK-3121 Buffer Overflow Vulnerability
Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A buffer overflow vulnerability exists in the 'iwserverip' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to cause, for example, a buffer overflow or heap overflow...
CVE-2018-10703
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iwserverip" is susceptible ...
Command injection
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainviewactivitymonitor&tab=activitytools request...