131 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-22293
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAINMAXDECIMALSTOT parameter. CVE-2022-22293 Note that Nessus relies on the...
CVE-2024-57019
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg...
CVE-2019-7337
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 as the view 'events' events.php insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...
CVE-2025-3487
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin Forminator Forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
The vulnerability of the setVpnAccountCfg function in the microprogramming software for TOTOLINK X5000R allows a perpetrator to execute arbitrary commands.
The vulnerability of the setVpnAccountCfg function in TOTOLINK X5000R router microprogramming software lies in the lack of measures to neutralize special elements used in the operating system’s processing of the limit parameter. Exploiting this vulnerability allows a remote attacker to execute...
CVE-2024-57019
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg...
CVE-2024-57019
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg...
CVE-2024-57019
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg...
TOTOLINK X5000R 安全漏洞
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "limit" parameter in setVpnAccountCfg failing to correctly filter constructor special characters, commands,...
CVE-2024-57019
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg...
PT-2025-1232 · Totolink · Totolink X5000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2350 B20230313 Description: The issue is related to an OS command injection vulnerability. This vulnerability can be exploited via the limit parameter in the setVpnAccountCfg function. The vulnerability allows ...
RediSearch 安全漏洞
RediSearch is a Redis module from the RediSearch open source that provides queries, secondary indexes, and full-text searches for Redis. A security vulnerability exists in RediSearch that originates from an authenticated redis user executing FT.SEARCH with a specially crafted LIMIT or KNN command...
Code-Projects Job Recruitment 注入漏洞
Code-Projects Job Recruitment is an open source job portal from Code-Projects. Code-Projects Job Recruitment version 1.0 has an injection vulnerability that originates from the jid/limit parameter of the /parse/alledits.php file containing a SQL injection vulnerability...
HSC Cybersecurity HC Mailinspector 安全漏洞
HSC Cybersecurity HC Mailinspector is a cloud email security solution from HSC Cybersecurity. A security vulnerability exists in HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through 5.2.18. A remote attacker can exploit this vulnerability to obtain sensitive information about the start an...
Exploit for SQL Injection in Hsclabs Mailinspector
CVE-2024-32369 Description: SQL Injection vulnerability i...
PT-2024-24537 · Hsc Cybersecurity · Hc Mailinspector
Name of the Vulnerable Software and Affected Versions: HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through 5.2.18 Description: The issue allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameters in the "mliWhiteList.php" component...
CVE-2024-24023
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list...
CVE-2024-24014
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list...
PT-2024-20235 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions prior to 4.3.0-RC1 Description: A SQL injection issue exists, allowing an attacker to perform SQL injection by passing crafted offset, limit, and sort parameters via the "/common/dict/list" API endpoint. Recommendations: F...