15 matches found
EUVD-2009-4645
Malware in sbrugna...
D-Link DIR-852 cgibin file command injection vulnerability
D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting the Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that originates from the parameter ST of the component Simple Servi...
CVE-2025-10629
A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgimain of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Manipulating the argument ST can lead to command injection. The attack may be performed from...
CVE-2023-33625
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbcsystem function...
CVE-2023-33625
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbcsystem function...
Command injection
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbcsystem function...
CVE-2023-33625
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbcsystem function...
D-Link DIR-600 command injection vulnerability
The D-Link DIR-600 is a wireless router from China's AUO D-Link. The D-Link DIR-600 suffers from a command injection vulnerability that stems from the ST parameter in the lxmldbcsystem function failing to properly filter special characters, commands, and other elements used to construct commands. An attacker can...
CVE-2023-33625
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbcsystem function...
CVE-2020-15037
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st parameter...
CVE-2009-3360
Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photoview.php, and st parameter to (2) photosearch.php and (3) search.php...
CVE-2008-2458
Cross-site scripting (XSS) vulnerability in index.php in Starsgames Control Panel 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the st parameter...
CVE-2006-4543
Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and...
CVE-2005-3395
SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter...
Invision Power Board 1.x - 'ST' SQL Injection
source: https://www.securityfocus.com/bid/13097/info Invision Power Board is reported prone to an SQL injection vulnerability. Due to improper filtering of user-supplied data, attackers may pass SQL statements to the underlying database through the 'st' parameter. Invision Power Board 1.3.1 and...