19 matches found
CVE-2025-15217
A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely...
CVE-2025-56082
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the checkchanges in file /usr/lib/lua/luci/controller/admin/common.lua...
Linux Distros Unpatched Vulnerability : CVE-2022-0427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POS...
Exploit for SQL Injection in Mayurik Online_Tour_&_Travel_Management_System
CVE-2025-8971 SQL Injection Author: Byte Reaper Des...
A vulnerability in the built-in boa web server (/boafrm/formPortFw) of the TOTOLINK A702R router firmware allows an attacker to cause a denial of service.
The vulnerability in /boafrm/formPortFw of the built-in boa web server in the TOTOLINK A702R router firmware is an out-of-bounds memory operation that occurs when processing the servicetyp parameter. Exploiting this vulnerability allows a malicious actor to caus...
A vulnerability in the built-in boa server (/boafrm/formSysLog) of the TOTOLINK A3002R router firmware allows an intruder to cause a denial of service.
The vulnerability in /boafrm/formSysLog of the built-in boa server in the TOTOLINK A3002R router firmware is an operation that exceeds the buffer boundaries in memory when processing the submit-url parameter. Exploiting this vulnerability allows a malicious...
A vulnerability in /goform/form2lansetup.cgi of the D-Link DIR-816 firmware allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in /goform/form2lansetup.cgi of the D-Link DIR-816 firmware is an out-of-bounds write that occurs while processing the IP parameter. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality,...
A vulnerability in the bridge_wireless_main.cgi script of the Netgear XR300 router software allows an attacker to cause a denial of service.
The vulnerability in the bridge_wireless_main.cgi script of the Netgear XR300 router software is a buffer copy performed without checking the size of the input data while processing the ssid parameter. Exploiting this vulnerability allows a malicious actor to cause a denial of service by...
PT-2024-7244 · D Link · D-Link Dir-605L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 BETA Description: The issue is related to a buffer overflow vulnerability in the formSetWanPPPoE function of the /goform/formSetWanPPPoE file. This vulnerability can be exploited by sending a specially crafted...
A vulnerability in the formexeCommand() function of the Tenda i21 router firmware allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the formexeCommand function of the Tenda i21 router firmware is an out-of-bounds memory operation that occurs when processing the cmdinput parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality,...
CVE-2023-5495
A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata0title/searchdata0searchfield/searchdata0searchvalue...
2023 Online Course Registration 1.0 SQL Injection
Title: 2023-Online-Course-Registration-1.0-Bypass-login-SQLi-RCE-password-changing Author: nu11secur1ty Date: 05.25.2023 Vendor: https://github.com/nikhilkeshava Software: https://github.com/nikhilkeshava/online-course-registration- Reference: https://portswigger.net/web-security/sql-injection,...
TRENDnet Multiple Products Code Issue Vulnerability
TRENDnet TEW-755AP and others are routers from TRENDnet, a US-based company. Several TRENDnet products are vulnerable to a null pointer dereference. A remote attacker could exploit the vulnerability by sending POST requests to applycgi via the lang operation without a language key, resulting in a denial ...
Engelsystem Cross-Site Request Forgery Vulnerability
Engelsystem is a shift planning system. The system includes features such as team management, event management, attendance management and mail system. A cross-site request forgery vulnerability exists in versions prior to Engelsystem commit hash 2e28336. A remote attacker can exploit this...
D-Link DIR-130 and DIR-330 Authentication Vulnerability
The D-Link DIR-130 and DIR-330 are both wireless router products from AUO D-Link. An authentication vulnerability exists in the D-Link DIR-130 with firmware version 1.23a and the DIR-330 with firmware version 1.12. A remote attacker can exploit this vulnerability by manipulating a POST request to...
Huawei Flybox B660 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications. Document Title: Huawei Flybox B660 - POST Reboot CSRF Vulnerability; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2025; Release Date: 2017-01-10; Vulnerability...
PayPal GP+ Cross Site Scripting
Document Title: Paypal Inc Bug Bounty 47 ALYZ - Persistent Search Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=807; PayPal Security UID: dx1f89rtd; Release Date: 2013-11-19; Vulnerability Laboratory ID VL-ID:...
Paypal Inc BB #47 ALYZ - Persistent Search Vulnerability
Document Title: Paypal Inc BB 47 ALYZ - Persistent Search Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=807; PayPal Security UID: dx1f89rtd; Release Date: 2013-11-18; Vulnerability Laboratory ID VL-ID:...
Ubiquiti AirOS 5.5.2 - (Authenticated) Remote Command Execution
#!/usr/bin/python Exploit Title : Ubiquiti AirOS 0x90.nl Software link : http://www.ubnt.com/eula/?BACK=/downloads/XM-v5.5.2.build14175.bin Vendor site :...