1115 matches found
Zyxel CloudCNM SecuManager Security Vulnerability
Zyxel CloudCNM SecuManager is a set of network management software from China Hopkins Zyxel. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1, which originates from a...
PT-2022-20446 · Openstack +2 · Openstack-Barbican +2
Name of the Vulnerable Software and Affected Versions: openstack-barbican (affected versions not specified). Description: A flaw was found in the openstack-barbican component, allowing an access policy bypass via a query string when accessing the API. Recommendations: At the moment, there is no...
CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...
CVE-2022-1580
The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature...
WordPress plugin Site Offline Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in the WordPress...
Site Offline < 1.5.3 - Access Bypass
The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature. PoC https://example.com/?admin...
CVE-2022-34970
Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service...
The vulnerability of the “Main” function in the firmware of the TOTOLink A950RG allows an intruder to execute arbitrary commands.
The vulnerability of the “Main” function in the TOTOLink A950RG firmware is related to the lack of input sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...
The vulnerability of the “Main” function in the firmware of the TOTOLink T6 mesh system allows an intruder to execute arbitrary commands.
The vulnerability of the “Main” function in the firmware of the TOTOLink T6 mesh system is related to the lack of input sanitization. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through the QUERYSTRING parameter...
The vulnerability of the “Main” function in the firmware of the TOTOLink A3600R router allows an intruder to execute arbitrary commands.
The vulnerability of the “Main” function in the firmware of the TOTOLink A3600R router lies in the lack of input sanitization. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through the QUERYSTRING parameter...
The vulnerability of the “Main” function in the TOTOLink A860R firmware allows an intruder to execute any command they desire.
The vulnerability of the “Main” function in the TOTOLink A860R firmware is related to the lack of input sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...
The vulnerability of the “Main” function in the firmware of the TOTOLink A3100R router allows an intruder to execute any command they desire.
The vulnerability of the “Main” function in the firmware of the TOTOLink A3100R router lies in the lack of input sanitization. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands through the QUERYSTRING parameter from a remote...
The vulnerability of the “Main” function in the firmware of the TOTOLink A800R router allows an intruder to execute arbitrary commands.
The vulnerability of the “Main” function in the firmware of the TOTOLink A800R router is related to the lack of input sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...
The vulnerability of the “Main” function in the firmware of the TOTOLink A830R router allows an intruder to execute arbitrary commands.
The vulnerability of the “Main” function in the TOTOLink A830R router firmware is related to the lack of input sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...
The vulnerability of the “Main” function in the firmware of the TOTOLink A810R router allows an intruder to execute arbitrary commands.
The vulnerability of the “Main” function in the firmware of the TOTOLink A810R router is related to the lack of input sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...
The vulnerability of the Main function in the firmware of the TOTOLink T10 allows a hacker to execute arbitrary commands.
The vulnerability of the Main function in the TOTOLink T10 router firmware is related to the lack of input sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...
CVE-2022-35911
On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string. NOTE: the vendor's perspective is that "omitting the query string does not cause a denial of service and the indicated event can not be reproduced...
GHSA-Q8HG-3VQV-F8V3 Fava vulnerable to Reflected Cross-site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2. The querystring parameter of Fava is vulnerable to reflected cross-site scripting, through which an attacker can modify any information that the user is able to modify. This issue is fixed in version 1.22.2...