Code-Projects Simple Scheduling System SQL注入漏洞

Simple Scheduling System is a simple scheduling system. Simple Scheduling System has a SQL injection vulnerability that originates from the starttime/endtime parameters in the /addtime.php file not being securely filtered. An attacker can exploit this vulnerability to execute malicious SQL comman...

Tenda RX3 安全漏洞

Tenda RX3 is a dual-band WiFi home wireless router from China's Tenda. A buffer overflow vulnerability exists in Tenda RX3. The vulnerability originates from a buffer overflow in the schedStartTime and schedEndTime parameters in /goform/saveParentControlInfo, which can lead to a denial of service...

CVE-2023-24334

A stack overflow vulnerability in Tenda AC23 with firmware version USAC23V1.0reV16.03.07.45cnTDC01 allows attackers to run arbitrary commands via schedStartTime parameter...

Tenda AC8 /goform/openSchedWifi Buffer Overflow Vulnerability

Tenda AC8 is a dual-band Gigabit wireless router from Tenda, designed for fiber optic homes up to 1000 megabytes, supporting dual-band concurrent transmission rates up to 1167Mbps, equipped with full Gigabit ports 1 WAN port + 3 LAN ports for 100-1000 megabit broadband access. The Tenda AC8 suffe...

PT-2023-27686

Name of the Vulnerable Software and Affected Versions Tenda AC8 version US AC8V4.0si V16.03.34.06 cn Description A stack overflow issue was discovered via parameters schedStartTime and schedEndTime at the "/goform/openSchedWifi" endpoint. Recommendations For Tenda AC8 version US AC8V4.0si...

PT-2022-27158 · Totolink · Totolink Lr350

Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: The issue is a post-authentication buffer overflow that occurs via the parameters week, sTime, and eTime in the setParentalRules function. Recommendations: For TOTOLINK LR350 version...

CVE-2022-41524

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function...

CVE-2022-38541

Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the starttime and stoptime parameters in the my2sql interface...

CVE-2022-38537

Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the startfile, endfile, starttime, and stoptime parameters in the binlog2sql interface...

Archery SQL注入漏洞

Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.8.3 through v1.8.5, which stems from the starttime and stoptime parameters in the my2sql interface containing SQL injection vulnerabilities...

PT-2022-21076 · Totolink · Totolink T6

Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.9cu.5179 B20201015 Description: A stack overflow issue was discovered in the TOTOLINK T6, affecting the desc, week, sTime, and eTime parameters within the FUN 004133c4 function. Recommendations: For TOTOLINK T6 version...

CVE-2022-29641

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...