1593 matches found

CNVD
added 2023/12/20 12:00 a.m. · 4 views

Totolink A7100RU Buffer Overflow Vulnerability

The TOTOLINK A7100RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A7100RU version 7.4cu.2313B20191024 suffers from a buffer overflow vulnerability, which originates from the failure of the e8 parameter in the component HTTP POST Request Handler to correctly validate t...

CVSS 10 · AI score 8.4 · EPSS 0.00193
Exploits: 1 · References: 1

NVD
added 2023/12/18 4:15 a.m. · 11 views

CVE-2023-6906

A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer...

CVSS 10 · EPSS 0.00193
Exploits: 1 · References: 3

Prion
added 2023/12/18 4:15 a.m. · 26 views

Buffer overflow

A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer...

CVSS 10 · AI score 7.3 · EPSS 0.00193
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2023/12/18 12:15 a.m. · 2 views

CVE-2023-6905

A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiate...

CVSS 9.8 · AI score 5.2 · EPSS 0.00074
Exploits: 0 · References: 2

Prion
added 2023/12/18 12:15 a.m. · 16 views

Design/Logic Flaw

A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiate...

CVSS 4 · AI score 7.6 · EPSS 0.00074
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2023/12/18 12:00 a.m. · 45 views

CVE-2023-6906

Summary: CVE-2023-6906 affects Totolink A7100RU. The issue resides in the HTTP POST Request Handler, specifically the function main in the file /cgi-bin/cstecgi.cgi?action=login, where the e8 parameter input is not properly validated, causing a buffer overflow. This condition can be triggered rem...

CVSS 10 · AI score 9.8 · EPSS 0.00193
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2023/12/17 2:15 p.m. · 14 views

CVE-2023-6901

A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os...

CVSS 9.8 · AI score 7.5 · EPSS 0.00638
Exploits: 1 · References: 3

NVD
added 2023/12/17 2:15 p.m. · 11 views

CVE-2023-6901

A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os...

CVSS 9.8 · EPSS 0.00638
Exploits: 1 · References: 3

Prion
added 2023/12/17 2:15 p.m. · 14 views

Command injection

A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os...

CVSS 7.5 · AI score 7.8 · EPSS 0.00638
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2023/12/17 2:00 p.m. · 32 views

CVE-2023-6901

CVE-2023-6901 affects codelyfe Stupid Simple CMS versions up to 1.2.3. The vulnerability lies in the HTTP POST Request Handler’s file /terminal/handle-command.php, where using the argument with input “whoami” enables an OS command injection. The issue is exploitable remotely and an exploit has be...

CVSS 9.8 · AI score 9 · EPSS 0.00638
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/12/09 12:00 a.m. · 3 views

PT-2023-32305 · Supsystic · Digital Publications By Supsystic

Name of the Vulnerable Software and Affected Versions: Digital Publications by Supsystic plugin for WordPress versions up to, and including, 1.7.6
Description: The issue is due to missing or incorrect nonce validation on the AJAX action handler, making it possible for unauthenticated attackers to...

CVSS 8.8 · AI score 8.9 · EPSS 0.00054
Exploits: 0 · References: 7

NVD
added 2023/12/07 9:15 p.m. · 8 views

CVE-2023-6576

A vulnerability was found in Byzoro S210 up to 20231123. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php of the component HTTP POST Request Handler. The manipulation of the argument fileupload leads to unrestricted upload. The attack can ...

CVSS 8.8 · EPSS 0.00021
Exploits: 0 · References: 4

CVE
added 2023/12/07 8:31 p.m. · 50 views

CVE-2023-6576

CVE-2023-6576 affects Byzoro S210 (up to 20231123) and also mentions Beijing Baichuo S210 in related records. The vulnerability is in the HTTP POST Request Handler’s /Tool/uploadfile.php, where manipulating the file_upload argument enables unrestricted file uploads. This allows remote exploitatio...

CVSS 8.8 · AI score 7.6 · EPSS 0.00021
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2023/12/07 8:15 p.m. · 12 views

CVE-2023-6574

A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php of the component HTTP POST Request Handler. The manipulation of the argument 1fileupload leads to unrestricted upload...

CVSS 8.8 · EPSS 0.00028
Exploits: 1 · References: 4

CVE
added 2023/12/07 8:00 p.m. · 56 views

CVE-2023-6575

CVE-2023-6575 affects Beijing/Byzoro S210 up to 20231121. A SQL injection arises from manipulating the txt argument in the /Tool/repair.php HTTP POST handler, enabling remote exploitation. Public exploits/disclosures exist. Several connected sources corroborate the affected component and vulnerab...

CVSS 8.8 · AI score 7.8 · EPSS 0.0002
Exploits: 1 · References: 4 · Affected Software: 1

CVE
added 2023/12/07 7:31 p.m. · 52 views

CVE-2023-6574

CVE-2023-6574 affects Byzoro Smart S20 (up to 20231120) and Beijing Baichuo Smart S20. The flaw is in the HTTP POST Request Handler, specifically the 1_file_upload argument in /sysmanage/updateos.php, whose manipulation leads to unrestricted file upload. The vulnerability allows remote exploitati...

CVSS 8.8 · AI score 7.5 · EPSS 0.00028
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2023/11/10 3:15 p.m. · 1 view

CVE-2023-6075

A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack...

CVSS 6.1 · AI score 3.9 · EPSS 0.00069
Exploits: 0 · References: 2

Vulnrichment
added 2023/11/10 3:00 p.m. · 7 views

CVE-2023-6075 PHPGurukul Restaurant Table Booking System Reservation Request index.php cross site scripting

A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack...

CVSS 4 · AI score 6.1 · EPSS 0.00069
Exploits: 0 · References: 2

CNNVD
added 2023/11/10 12:00 a.m. · 1 view

PHPGurukul Restaurant Table Booking System Security Vulnerability

PHPGurukul Restaurant Table Booking System is a restaurant table reservation system. A security vulnerability exists in PHPGurukul Restaurant Table Booking System version 1.0, which originates from a cross-site scripting (XSS) vulnerability in the file index.php of the component Reservation Request...

CVSS 6.1 · AI score 5.8 · EPSS 0.00069
Exploits: 0 · References: 3

Positive Technologies
added 2023/11/10 12:00 a.m. · 5 views

PT-2023-32500 · Unknown · Phpgurukul Restaurant Table Booking System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Restaurant Table Booking System version 1.0
Description: A problematic vulnerability has been found in the PHPGurukul Restaurant Table Booking System, affecting an unknown function of the file index.php of the component Reservation...

CVSS 6.1 · AI score 6.4 · EPSS 0.00069
Exploits: 0 · References: 5