12 matches found
CVE-2025-41355
Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...
PT-2026-29209
Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...
CVE-2025-15234
Affects: Tenda M3 router (version 1.0.0.13(4903)). Vulnerable component: /goform/setInternetLanInfo, specifically the function formSetRemoteInternetLanInfo manipulating arguments portIp/portMask/portGateWay/portDns/portSecDns, causing a heap-based buffer overflow. Impact: potential remote code ex...
CVE-2025-15234 Tenda M3 setInternetLanInfo formSetRemoteInternetLanInfo heap-based overflow
A weakness has been identified in Tenda M3 1.0.0.13(4903). Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the...
EUVD-2025-205698
A weakness has been identified in Tenda M3 1.0.0.13(4903). Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the...
CVE-2021-47728
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local...
CVE-2025-32102
CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI...
CVE-2025-25893
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet...
CVE-2024-50998
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpnserviceport and openvpnserviceporttun parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request...
Mercusys Mercury X18G cross-site scripting vulnerability
The Mercusys Mercury X18G is a router from the Chinese company Mercusys. A cross-site scripting vulnerability exists in MERCUSYS Mercury X18G 1.0.5 devices, which arises from manually entered values for the src dport start, src dport end, and dest port parameters...
VulnCheck KEV: CVE-2025-34051
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP...