
271 matches found

ATTACKERKB
added 2023/05/25 8:15 p.m. · 1 view

CVE-2023-33278

In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

9.8 CVSS · 5.8 AI score · 0.00732 EPSS
Exploits: 0 · References: 3
CNNVD
added 2023/05/25 12:0 a.m. · 2 views

PrestaShop SQL Injection Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop 3.6.1 and prior versions, which stems from a sensitive SQL cal...

9.8 CVSS · 8.5 AI score · 0.00732 EPSS
Exploits: 0 · References: 3
CNNVD
added 2023/05/19 12:0 a.m. · 3 views

Fastweb FASTGate Buffer Error Vulnerability

Fastweb FASTGate is a modem from Fastweb Italy. A security vulnerability exists in the Fastweb FASTGate MediaAccess FGA2130FWB 18.3.n.0482FW230FGA2130 firmware version and the DGA4131FWB 18.3.n.0462FW261DGA4131 and previous firmware versions, which stems from a security flaw that allows a remote...

7.5 CVSS · 7.4 AI score · 0.14045 EPSS
Exploits: 2 · References: 5
Prion
added 2023/04/26 12:15 a.m. · 10 views

Remote code execution

Aigital Wireless-N Repeater MiniRouter v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request...

7.5 CVSS · 9.7 AI score · 0.14649 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2023/04/18 12:0 a.m. · 4 views

CVE-2022-46640

Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request...

9.7 AI score · 0.14717 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2023/02/02 12:0 a.m. · 2 views

PT-2023-1282 · Moxa · Moxa Sds-3008 Series Industrial Ethernet Switch

Name of the Vulnerable Software and Affected Versions: Moxa SDS-3008 Series Industrial Ethernet Switch version 2.1 Description: A denial of service issue exists in the web server functionality due to insufficient resources. Exploitation of this issue can allow a remote attacker to cause a denial ...

10 CVSS · 5.6 AI score · 0.11701 EPSS
Exploits: 1 · References: 7
Packet Storm
added 2023/01/04 12:0 a.m. · 331 views

Nexxt Router Firmware 42.103.1.5095 Remote Code Execution

Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution RCE Authenticated Date: 19/10/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://www.nexxtsolutions.com/ Version: 42.103.1.5095 Tested on: ARN02304U8 CVE : CVE-2022-44149 import requests import base64 routerhos...

9 AI score · 0.82155 EPSS
Exploits: 5
Vulnrichment
added 2022/08/22 6:30 p.m. · 6 views

CVE-2022-34652

A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the Live Schedules...

8.3 CVSS · 9 AI score · 0.02496 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2022/08/05 9:19 p.m. · 7 views

CVE-2022-27631

A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...

5.3 CVSS · 9.5 AI score · 0.02515 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2022/08/05 12:0 a.m. · 4 views

PT-2022-6671 · Asus · Asuswrt

Name of the Vulnerable Software and Affected Versions: Asuswrt versions prior to 3.0.0.4.386 48706 Asuswrt-Merlin New Gen versions prior to 386.7 Description: A memory corruption issue exists in the httpd unescape functionality. This can be triggered by a specially-crafted HTTP request, leading t...

10 CVSS · 5.8 AI score · 0.00697 EPSS
Exploits: 1 · References: 9
CNNVD
added 2022/07/22 12:0 a.m. · 1 view

Cisco Small Business Buffer Error Vulnerability

Cisco Small Business is a switch from the American company Cisco. A buffer overflow vulnerability exists in the Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers, which stems from insufficient authentication of the user field in incoming HTTP packets. An attacker could exploit...

7.2 CVSS · 6.3 AI score · 0.00384 EPSS
Exploits: 0 · References: 3
OSV
added 2022/04/06 3:15 a.m. · 1 view

CVE-2022-1248

A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAPInformationSystem/controllers/addadmin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploi...

7.3 CVSS · 5.8 AI score · 0.00631 EPSS
Exploits: 2 · References: 2
wpexploit
added 2022/04/04 12:0 a.m. · 75 views

Menubar < 5.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting " /...

5.4 CVSS · 0.6 AI score · 0.00208 EPSS
Exploits: 2
Vulnrichment
added 2022/01/28 9:42 p.m. · 4 views

CVE-2021-44414

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. DelUser param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS · 7.7 AI score · 0.00189 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2022/01/28 9:42 p.m. · 6 views

CVE-2021-44401

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. PtzCtrl param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS · 7.7 AI score · 0.00151 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2022/01/28 9:42 p.m. · 6 views

CVE-2021-44388

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Login param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS · 7.7 AI score · 0.00189 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2022/01/28 7:10 p.m. · 5 views

CVE-2021-40416

An incorrect default permission vulnerability exists in the cgiserver.cgi cgicheckability functionality of reolink RLC-410W v3.0.0.13620121102. All the Get APIs that are not included in cgicheckability are already executable by any logged-in users. An attacker can send an HTTP request to trigger...

7.1 CVSS · 8.8 AI score · 0.00284 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2022/01/28 7:10 p.m. · 2 views

CVE-2022-21134

A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability...

8.3 CVSS · 7.6 AI score · 0.00393 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2022/01/28 12:0 a.m. · 3 views

PT-2022-12090 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The GetIsp param...

8.6 CVSS · 7.8 AI score · 0.00151 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2022/01/28 12:0 a.m. · 2 views

PT-2022-12088 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The GetEnc param...

8.6 CVSS · 7.8 AI score · 0.00151 EPSS
Exploits: 1 · References: 3