TOTOLINK EX200 Security Vulnerability
The TOTOLINK EX200 is a 2.4G wireless N range extender designed to extend the coverage of existing Wi-Fi networks. A buffer overflow vulnerability exists in the TOTOLINK EX200. The vulnerability originates from the file /cgi-bin/cstecgi.cgi?action=save&setting The function getSaveConfig as...
PT-2024-15962 · Unknown · Asterisk-Cli +1
Name of the Vulnerable Software and Affected Versions: Issabel PBX version 4.0.0 Description: A critical issue affects the processing of the file /index.php?menu=asterisk cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be...
PT-2023-8104 · Otcms · Otcms
Name of the Vulnerable Software and Affected Versions: OTCMS version 7.01 Description: A critical issue was found in OTCMS, related to the lack of protection for the SQL query structure. This allows a remote attacker to gain unauthorized access to protected information. The issue is associated wi...
SAMSUNG sww-3400rw Cross-Site Scripting Vulnerability
The SAMSUNG sww-3400rw Router is a wireless router from Samsung (South Korea). The SAMSUNG sww-3400rw has a cross-site scripting vulnerability via the m2 parameter of sess-bin/command.cgi...
SUSE CVE-2006-2871
PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter. NOTE: CVE disputes this issue, since $scriptpath is set to a constant value...
SUSE CVE-2016-5143
The Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different...
SUSE CVE-2016-5144
The Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different...
CVE-2023-0561
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /user/s.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The explo...
CVE-2022-36730
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /librarian/delete.php...
CVE-2022-38556
Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh...
Digital Watchdog DW MEGApixel IP cameras OS Command Injection Vulnerability
Digital Watchdog DW MEGApixel IP cameras is a series of webcam solutions from Digital Watchdog USA. An operating system command injection vulnerability exists in Digital Watchdog DW MEGApixel IP cameras version A7.2.220211029, which originates from a command injection contained in the component...
CVE-2022-30381
Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggersmerch/classes/Master.php?f=deleteimg...
Wavlink WL-WN531P3 OS Command Injection Vulnerability
The WAVLINK WL-WN531P3 is a wireless router from China's RuiYin Technology WAVLINK. The Wavlink WL-WN531P3 router suffers from an operating system command injection vulnerability that allows attackers to achieve unauthorized remote code execution via a malicious POST request to /cgi-bin/adm.cgi...
Hoosk CMS Security Vulnerability
Hoosk is a lightweight, user-centric content management system (CMS) with built-in CodeIgniter for creating responsive websites. An unspecified vulnerability in /install/index.php in Hoosk version 1.8.0 stems from the program'...
CVE-2020-28899
The Web CGI Script on ZyXEL LTE4506-M606 V1.00ABDO.2C0 devices does not require authentication, which allows remote unauthenticated attackers via crafted JSON action data to /cgi-bin/gui.cgi to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi...
pcp: Local privilege escalation in pcp spec file %post section
An Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Developmen...
CVE-2020-1984
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with ‘create folders or append data’ access to the root of the OS disk C: to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo f...
Indexhibit Reinstallation Vulnerability
Indexhibit is a content management system (CMS). A security vulnerability exists in Indexhibit version 2.1.5. The vulnerability can be exploited by an attacker to execute code via /ndxzstudio/install.php?p=2...
CVE-2016-10807
cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112)...