17 matches found
Tenda AC15 安全漏洞
The Tenda AC15 is a wireless router produced by the Chinese company Tenda. The Tenda AC15V1.0 V15.03.05.18multi version has a security vulnerability. This vulnerability stems from the lack of checking for the v1 parameter in the goform/formsetUsbUnload function, which may lead to command injectio...
CVE-2019-25446
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these...
JeeWMS 安全漏洞
JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. Version 1.0 of JEEWMS has a security vulnerability, which stems from the id1 and id2 parameters in the /systemControl.do interface, making them vulnerable to SQL injection attacks...
CVE-2026-1042
The WP Hello Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'digitone' and 'digittwo' parameters in all versions up to, and including, 1.02 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1042
CVE-2026-1042 stems from the WP Hello Bar WordPress plugin. Wordfence reports a Stored Cross-Site Scripting vulnerability in all versions up to 1.02 via the digit_one and digit_two parameters, exploitable by authenticated attackers with administrator-level access and above. The impact is arbitrar...
WordPress WP Hello Bar plugin <= 1.02 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'digit_one' and 'digit_two' Parameters vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'digitone' and 'digittwo' Parameters vulnerability discovered by 0x34rth in WordPress Plugin WP Hello Bar versions = 1.02...
UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079178)
The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. The UTT Progressive 512W suffers from a buffer overflow vulnerability that originates...
CVE-2024-44639
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php...
cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding
A server-side request forgery SSRF vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted...
Tenda FH1206 安全漏洞
The Tenda FH1206 is a wireless router from Tenda China. The Tenda FH1206 suffers from a buffer overflow vulnerability that originates from the list1 parameter of ip/goform/DhcpListClient failing to properly validate the length of the input data, which can be exploited by an attacker to execute...
Moses Operating System Command Injection Vulnerability
Moses is a statistical machine translation system. An operating system command injection vulnerability exists in Moses mosesdecoder version 4.0 and earlier versions, which stems from the fact that incorrect manipulation of the parameter input1 can lead to operating system command injection...
GHSA-X3X3-QWJQ-8GJ4 Apache CXF Server-Side Request Forgery vulnerability
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...
PT-2022-5713 · NetGear · Netgear R7000P
Name of the Vulnerable Software and Affected Versions: Netgear R7000P version 1.3.1.64 Description: The issue is related to buffer overflow errors in the NETGEAR R7000P router's software. Exploitation of this issue may allow a remote attacker to execute arbitrary code through parameters KEY1 and...
Tenda Ax3 命令注入漏洞
Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda China. A command injection vulnerability exists in Tenda AX3 v16.03.12.10CN, which can be exploited by an attacker to cause a denial of service DoS via the gateway, dns1, and dns2 parameters...
CVE-2018-14689
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...
CVE-2018-7315
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter...
DEBIAN-CVE-2010-1594
Multiple cross-site scripting XSS vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via 1 the query string, 2 the BASE parameter, or 3 the ega1 parameter. NOTE: some of these details are obtained from third party...