163 matches found
CVE-2025-29044
The CVE-2025-29044 entry concerns a Buffer Overflow in NETGEAR R61 router (version 1.0.1.28) caused by improper handling of the QUERY_STRING key value, enabling a remote attacker to execute arbitrary code. Affected product is NETGEAR R61; vulnerable component is the QUERY_STRING handling. In the ...
CVE-2024-7443 Vivotek IB8367A upload_file.cgi getenv command injection
UNSUPPORTED WHEN ASSIGNED: A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Affected is the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to launch the attack remotely. The...
CVE-2024-7442 Vivotek SD9364 upload_file.cgi getenv command injection
UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. The attack may be initiated remotely. The...
CVE-2022-48069
Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter...
Command injection
Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter...
CVE-2022-48069
Totolink A830R V4.1.2cu.5182 is affected by CVE-2022-48069: a command injection via QUERY_STRING parameter, allowing network-based exploitation with no user interaction. Reported CVSSv3.1 base score 7.5 (High); impact on confidentiality (High) with no integrity/availability impact. Exploitation a...
Cross-site Scripting (XSS)
fava is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the querystring parameters of Query.svelte, allowing an attacker to inject and execute malicious JavaScript...
CVE-2022-32092
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi...
Command injection
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi...
CVE-2022-32092
CVE-2022-32092 affects the D-Link DIR-645 router (v1.03) with a command injection vulnerability exposed through the QUERY_STRING parameter in the __ajax_explorer.sgi endpoint. Red Hat/OpenVAS/CVE aggregations and the NVD entry all describe this as a remote, unauthenticated, network-executable iss...
EUVD-2022-53360
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi...
WordPress plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. WordPress plugin Anti-Malware Security and Brute-Force Firewall is vulnerable to cross-site scripting. The...
TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-53559)
TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK Electronics. TOTOLINK N600R has a command injection vulnerability, which originates from the "Main" function containing command injection, and can be exploited to execute arbitrary commands via the QUERY_STRING parameter...
CVE-2022-27411
TOTOLINK N600R v5.3c.5507B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function...
Command injection
TOTOLINK N600R v5.3c.5507B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function...
CVE-2022-0953 Anti-Malware Security and Brute-Force Firewall < 4.20.96 - Reflected Cross-Site Scripting
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...