64 matches found
Tenda AC10 Security Vulnerability
The Tenda AC10 is a wireless router from the Chinese company Tenda. The Tenda AC10 suffers from a buffer overflow vulnerability, which originates from the sub47D878 function's src parameter failing to correctly validate the length of the input data, which can be exploited by a remote attacker to...
CVE-2023-45480
Tenda AC10 version USAC10V4.0siV16.03.10.13cn was discovered to contain a stack overflow via the src parameter in the function sub47D878...
PT-2023-7588 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version US AC10V4.0si V16.03.10.13 cn Description: The issue is related to a stack overflow in the sub 47D878 function when handling the src parameter, potentially allowing a remote attacker to execute arbitrary code or cause a...
CVE-2023-37613
A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter...
PT-2023-26043 · Assembly · Trialworks
Name of the Vulnerable Software and Affected Versions: Assembly Software Trialworks version 11.4 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the asset src parameter. This enables the execution of...
CVE-2023-37613
CVE-2023-37613 describes an XSS vulnerability in Assembly Software Trialworks v11.4, where an attacker can inject a crafted payload into the asset src parameter to execute arbitrary web scripts/HTML in the victim’s browser. The connected sources consistently identify the affected product/version ...
CVE-2020-19697
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter...
CVE-2016-5639
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter...
WordPress fresh-page plugin - phpThumb.php file src parameter - cross-site scripting vulnerability
No description provided by source...
CVE-2014-8690
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) "First...
phpThumb Server-Side Request Forgery Vulnerability
phpThumb is a PHP class used to generate thumbnails of images. Versions of phpThumb prior to 1.7.12 configure the disable_debug option with a default value of false, which allows remote attackers to perform server-side request forgery (SSRF) attacks via the src parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter...
CVE-2009-5142
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter...
RokBox <= 2.13 - thumb.php src Parameter XSS
The wprokbox WordPress plugin was affected by a thumb.php src Parameter XSS security vulnerability...
TimThumb 'timthumb.php' < 2.8.14 WebShot 'src' Parameter Remote Command Execution
The TimThumb 'timthumb.php' script installed on the remote host is prior to version 2.8.14. It is, therefore, affected by a remote command execution vulnerability due to a failure to properly sanitize user-supplied input to the 'src' parameter. A remote, unauthenticated attacker can leverage this...
OctavoCMS Cross Site Scripting
This proprietary content management software is vulnerable to reflected XSS on the file admin/viewer.php, src parameter. Current release on their demo site is vulnerable, same as other few sites I could find. PoC:...
AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution
No description provided by source. AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution tested against: Microsoft Windows Vista sp2 Microsoft Windows Server 2003 r2 sp2 Mozilla Firefox 14.0.1 download url:...
WordPress Multiple Plugin - timthumb.php Vulnerabilities
Multiple plugins are prone to vulnerabilities in the timthumb.php library. The attacker controls a domain such as blogger.com, hosting a malicious GIF file with code appended to the end, and then provides it to the script through the src GET parameter. Solution: Upgrade the plugin...