103 matches found
Open Redirect
drupal/drupal is vulnerable to Open Redirect. The vulnerability is due to the insecure handling of the "destination" query string parameter in Drupal core and contributed modules. This allows malicious users to craft URLs that redirect unsuspecting users to third-party websites...
Siemens Simcenter Nastran Security Vulnerability
Simcenter Nastran is a finite element method solver. A stack buffer overflow vulnerability exists in Siemens Simcenter Nastran, which can be exploited by an attacker to execute code in the context of the current process when an affected application parses a specific string as a parameter to an...
CVE-2023-38321
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...
Null pointer dereference
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...
Vite Cross-Site Scripting Vulnerability
Vite is a new front-end builder tool open-sourced by Vite. Vite suffers from a cross-site scripting vulnerability that stems from the ability to inject arbitrary HTML into the output by providing a malicious URL query string...
Tongda OA 2017 Security Breach
Tongda2000 is a web-based intelligent office system from China Tongda Tongda. A security vulnerability exists in Tongda OA 2017 version 11.9 and earlier versions, which stems from an incorrect operation of the parameter DELETESTR that can lead to SQL injection...
PT-2023-7016 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 up to 11.9 Description: A critical vulnerability has been found in Tongda OA, related to the file general/system/censor words/module/delete.php. The issue is due to the lack of protection against SQL injection when handling the...
Tongda OA 2017 Security Breach
Tongda2000 is a web-based intelligent office system from China Tongda Tongda. A security vulnerability exists in Tongda OA 2017 version 11.9 and earlier versions, which stems from an incorrect operation of the parameter DELETESTR that can lead to SQL injection...
Pleasant Solutions Pleasant Password Server Cross-Site Scripting Vulnerability
Pleasant Solutions Pleasant Password Server is a proprietary multi-user enterprise password server from Pleasant Solutions. A security vulnerability exists in Pleasant Solutions Pleasant Password Server version v7.11.41.0, which originates from a cross-site scripting (XSS) vulnerability in the...
PT-2023-27025 · Unknown · Isl Arp Guard
Name of the Vulnerable Software and Affected Versions: ISL ARP Guard version 4.0.2 Description: A reflected cross-site scripting (XSS) issue exists in the url str URL parameter, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload. This enables the execution of maliciou...
Atlas Business Directory Listing Cross-Site Scripting Vulnerability
codecanyon Atlas Business Directory Listing is a system by codecanyon, Inc. A cross-site scripting vulnerability exists in Creativeitem Atlas Business Directory Listing version 2.13, which stems from a cross-site scripting (XSS) vulnerability in the parameter searchstring...
SUSE CVE-2016-8578
The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation...
TOTOLINK A830R QUERY_STRING Command Injection Vulnerability
The TOTOLINK A830R is a dual-band wireless router that supports both 2.4GHz and 5GHz bands with a maximum wireless transfer rate of 1200Mbps, making it suitable for home network coverage needs. The TOTOLINK A830R suffers from a command injection vulnerability that stems from its QUERY_STRING...
CVE-2022-48069
Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter...
TOTOLINK A830R OS Command Injection Vulnerability
The TOTOLINK A830R is a dual-band wireless router that supports both 2.4GHz and 5GHz bands with a maximum wireless transfer rate of 1200Mbps, making it suitable for home network coverage needs. The TOTOLINK A830R suffers from a command injection vulnerability that stems from its QUERY_STRING...
Zenoss Cross-Site Scripting Vulnerability
Zenoss is a suite of open source enterprise-class IT management and monitoring software from the US company Zenoss. The software provides event management, network service monitoring, host resource monitoring, network device availability monitoring and other functions. A cross-site scripti...
Cross-Site Scripting (XSS)
silverstripe/admin is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in vendor.js due to an outdated jQuery which allows an attacker to inject and execute arbitrary JavaScript using a specially crafted proto query string parameter...
CVE-2022-31208
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmdstring URL parameter...
Cross site scripting
The package whoogle-search before 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error_message that is then rendered in the error.html template, using the flask.render_template functio...
CVE-2022-32092
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at ajaxexplorer.sgi...