CVE-2019-13278

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if...

D-Link DIR-619L 安全漏洞

The D-Link DIR-619L is a cost-effective wireless router designed for home office Internet needs. The D-Link DIR-619L suffers from a buffer overflow vulnerability that stems from the improper handling of the wanconnected parameter in the formEasySetupWizard3 function, which can be exploited by an...

D-Link DIR-600L 安全漏洞

The D-Link DIR-600L is a wireless router from China-based AUO D-Link. The D-Link DIR-600L suffers from a buffer overflow vulnerability that originates from the parameter host of the function formEasySetupWizard that fails to correctly validate the length and size of the input data, which can be...

CVE-2024-25917

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.This issue affects WP Setup Wizard: from n/a through 1.0.8.1...

CVE-2024-9549

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated...

PVS Citrix Virtual Desktops Setup Wizard fails to create every other machine

When using PVS Citrix Virtual Desktops Setup Wizard, it creates machines however every other machine fails to be created. This typically means either all even numbers machines or odd numbers machines fails to be created depending on what number you start with...

WordPress TI WooCommerce Wishlist plugin <= 2.9.1 - Missing Authorization to Unauthenticated Plugin Setup Wizard Access vulnerability

Missing Authorization to Unauthenticated Plugin Setup Wizard Access vulnerability discovered by abrahack in WordPress Plugin TI WooCommerce Wishlist versions = 2.9.1...

CVE-2024-49502

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...

CVE-2024-49502

CVE-2024-49502 is a cross-site scripting vulnerability in the Setup Wizard, HTTP Proxy credentials pane of spacewalk-web. It affects SUSE Manager Server 4.3 (and related Spacewalk components) prior to versions updated by SUSE-SU-2024:4007-1, specifically before 4.3.42-150400.3.52.1 for the 4.3 li...

CVE-2024-49502 Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...

CVE-2024-49502 Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...

CVE-2024-49503 Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x8664/server:5.0.2.7.8.1: before...

CVE-2024-49503 Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x8664/server:5.0.2.7.8.1: before...

SUSE CVE-2024-49502

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...

D-Link DIR-605L 安全漏洞

The AUO DIR-605L is a wireless router from China's AUO D-Link. The AUO DIR-605L suffers from a buffer overflow vulnerability that originates from the webpage parameter of the formWlanSetupWizard function in the /goform/formWlanSetupWizard page that fails to correctly validate the length of the...

CVE-2024-9549

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated...

D-Link DIR-605L 安全漏洞

The AUO DIR-605L is a wireless router from China's AUO D-Link. The AUO DIR-605L suffers from a buffer overflow vulnerability, which originates from the curTime parameter of the formEasySetupWizard/formEasySetupWizard2 function in the /goform/formEasySetupWizard page that fails to correctly valida...

CVE-2024-5939

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to read the...

WordPress plugin GiveWP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-37254 · WordPress · Givewp

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions up to, and including, 3.13.0 Description: The issue is related to unauthorized access of data due to a missing capability check on the setup wizard function. This allows unauthenticat...