103 matches found

VulnCheck KEV
added 2022/04/01 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2022-25076

TOTOLink A800R V4.1.2cu.5137B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 7.5 · EPSS 0.05664
Exploits: 1 · References: 1

VulnCheck KEV
added 2022/04/01 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2022-25077

TOTOLink A3100R V4.1.2cu.5050B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 7.5 · EPSS 0.51028
Exploits: 1 · References: 1

OSV
added 2022/02/24 3:15 p.m. · 2 views

CVE-2022-25404

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETESTR parameter...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 2

OSV
added 2022/02/24 3:15 p.m. · 1 views

CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 7.5 · EPSS 0.05664
Exploits: 1 · References: 1

ATTACKERKB
added 2022/02/24 3:15 p.m. · 77 views

CVE-2022-25076

TOTOLink A800R V4.1.2cu.5137B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 7.6 · EPSS 0.05664
In wild · Exploits: 1 · References: 2

OSV
added 2022/02/24 3:15 p.m. · 0 views

CVE-2022-25082

TOTOLink A950RG V5.9c.4050B20190424 and V4.1.2cu.5204B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 7.5 · EPSS 0.89573
Exploits: 1 · References: 1

OSV
added 2022/02/24 3:15 p.m. · 1 views

CVE-2022-25076

TOTOLink A800R V4.1.2cu.5137B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 6 · EPSS 0.05664
Exploits: 1 · References: 1

CNNVD
added 2022/02/24 12:0 a.m. · 2 views

TotoLink T10 Operating System Command Injection Vulnerability

TOTOLink T10 is a wireless network system router from TotoLink, China. TOTOLink T10 V5.9c.5061B20200511 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 6 · EPSS 0.05664
Exploits: 1 · References: 2

CNNVD
added 2022/02/24 12:0 a.m. · 1 views

TotoLink A3600R Operating System Command Injection Vulnerability

TOTOLink A3600R is a wireless router from TotoLink, China. TOTOLink A3600R V4.1.2cu.5182B20201102 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 6 · EPSS 0.05664
Exploits: 1 · References: 2

Positive Technologies
added 2022/02/22 12:0 a.m. · 10 views

PT-2022-3858 · Totolink · Totolink T10

Name of the Vulnerable Software and Affected Versions: TOTOLink T10 version V5.9c.5061 B20200511 Description: The issue is related to the lack of input data sanitization in the "Main" function of the TOTOLink T10 mesh system. This allows a remote attacker to execute arbitrary commands through the...

CVSS 10 · AI score 9.6 · EPSS 0.05664
Exploits: 1 · References: 4

Positive Technologies
added 2022/02/22 12:0 a.m. · 3 views

PT-2022-2961

Name of the Vulnerable Software and Affected Versions: TOTOLink A3000RU version V5.9c.2280 B20180512 Description: The issue is related to a command injection vulnerability in the "Main" function, which is caused by insufficient argument checking. This allows attackers to execute arbitrary commands...

CVSS 10 · AI score 8.9 · EPSS 0.42094
Exploits: 1 · References: 11

Positive Technologies
added 2022/02/22 12:0 a.m. · 3 views

PT-2022-3934 · Totolink · Totolink A950Rg

Name of the Vulnerable Software and Affected Versions: TOTOLink A950RG versions V4.1.2cu.5204 B20210112 through V5.9c.4050 B20190424 Description: The issue is related to the "Main" function of the TOTOLink A950RG router's firmware, which lacks input data sanitization. This allows a remote attacke...

CVSS 10 · AI score 9.6 · EPSS 0.89573
Exploits: 1 · References: 6

Positive Technologies
added 2022/02/22 12:0 a.m. · 3 views

PT-2022-3857 · Totolink · Totolink A800R

Name of the Vulnerable Software and Affected Versions: TOTOLink A800R version 4.1.2cu.5137 B20200730 Description: The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A800R router's firmware. This vulnerability is caused by the lack of input data...

CVSS 10 · AI score 9.8 · EPSS 0.05664
Exploits: 1 · References: 4

CNVD
added 2020/09/17 12:0 a.m. · 3 views

CloudBees Jenkins Validating String Parameter Cross-Site Scripting Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from CloudBees, a United States company. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A cross-site scripting...

CVSS 5.4 · AI score 6.5 · EPSS 0.00233
Exploits: 0 · References: 1

NVD
added 2020/09/16 2:15 p.m. · 11 views

CVE-2020-2257

Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...

CVSS 5.4 · EPSS 0.00233
Exploits: 0 · References: 2

CVE
added 2020/09/16 1:20 p.m. · 64 views

CVE-2020-2257

Jenkins Validating String Parameter Plugin (versions ≤ 2.4) contains a stored XSS vulnerability due to insufficient escaping of user-controlled fields (including regular expressions in tooltips, names, and descriptions). Exploitation requires Job/Configure permission. A fix is available in versio...

CVSS 5.4 · AI score 5.2 · EPSS 0.00233
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2020/09/16 12:0 a.m. · 5 views

PT-2020-15482 · Jenkins · Jenkins Validating String Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Validating String Parameter Plugin versions 2.4 and earlier Description: The issue results in a stored cross-site scripting (XSS) vulnerability, which can be exploited by attackers with Job/Configure permission. This occurs because the...

CVSS 5.4 · AI score 5.2 · EPSS 0.00233
Exploits: 0 · References: 7

OSV
added 2020/09/01 3:28 p.m. · 25 views

GHSA-7F59-X49P-V8MQ Cross-Site Scripting in swagger-ui

Affected versions of swagger-ui are vulnerable to cross-site scripting in both the consumes and produces parameters of the swagger JSON document for a given API. Additionally, swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter url, allowing an attacker...

AI score 6
Exploits: 0 · References: 5

Debian CVE
added 2020/06/02 6:25 p.m. · 24 views

CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

CVSS 7.5 · AI score 7.5 · EPSS 0.02622
Exploits: 1

OSV
added 2019/06/17 9:15 p.m. · 2 views

CVE-2017-9392

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "requestimage" as one of the service actions for ...

CVSS 8.8 · AI score 6.1
Exploits: 0 · References: 3