213 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing messages in the Web console. An attacker can access unauthorized classpath resources by...
Investory Toy Planet Trouble App 安全漏洞
Investory Toy Planet Trouble App is an educational adventure game app developed by Investory. Versions of Investory Toy Planet Trouble App prior to 1.5.5 contained a security vulnerability, which was caused by the use of a hardcoded encryption key for the parameter currentkey...
EUVD-2016-10850
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...
CVE-2016-20048
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...
UBUNTU-CVE-2016-20048
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...
CVE-2016-20048
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...
CVE-2016-20048 iSelect 1.4.0-2+b1 Local Buffer Overflow via key parameter
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...
CVE-2016-20048 iSelect 1.4.0-2+b1 Local Buffer Overflow via key parameter
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte...
CVE-2016-20048
The CVE-2016-20048 entry concerns iSelect version 1.4.0-2+b1 that contains a local buffer overflow in the -k/--key parameter. An attacker can supply an oversized argument to overflow a 1024-byte stack buffer, enabling local code execution with the attacker’s privileges. The description details cr...
SUSE CVE-2026-26186
Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...
PT-2026-25139
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation key, subscription date, and imported from parameters to manipulat...
CVE-2018-25176
Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...
WordPress plugin Page and Post Clone SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-26186 Fleet has a SQL injection via backtick escape in ORDER BY parameter
Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...
CVE-2026-26186 Fleet has a SQL injection via backtick escape in ORDER BY parameter
Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...
Fleet SQL注入漏洞
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.80.1 contained a SQL...
PT-2026-22054
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.80.1 Description Fleet is open source device management software. A SQL injection issue exists due to unsafe use of goqu.I when constructing the ORDER BY clause. This allows authenticated users to inject arbitrary SQL...
WAVLINK WL-WN579A3 命令注入漏洞
WAVLINK WL-WN579A3 is a high-performance dual-band wireless network card developed by WAVLINK Corporation. The WAVLINK WL-WN579A3 versions 20210219 and earlier has a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “key” in the file...
PT-2026-7858
An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL...
CVE-2025-69752
An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL...