15 matches found
SQL Injection
devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the display parameter in API requests, which allows an attacker to execute arbitrary SQL queries and compromise the database...
CVE-2026-0504 Insufficient Input Handling in JNDI Operations of SAP Identity Management
Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. This may lead to limited disclosure or modification...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2025-59287 ⚠ This tool is created solely for education...
CVE-2025-9066
Summary: CVE-2025-9066 affects Rockwell Automation’s FactoryTalk ViewPoint. Unauthenticated attackers can abuse SOAP requests to trigger XML External Entity (XXE) processing, resulting in a temporary denial-of-service. The vulnerability is documented across multiple sources (NVD, Rockwell advisor...
CVE-2023-41226
D-Link DIR-3040 prog.cgi SetMyDLinkRegistration Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...
CVE-2023-41221
D-Link DIR-3040 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...
CVE-2023-41219
D-Link DIR-3040 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. T...
The vulnerability of the SetTriggerPPPoEValidate() function in D-Link DIR-X3260 Wi-Fi routers’ software allows a hacker to bypass security restrictions and execute arbitrary code.
The vulnerability of the SetTriggerPPPoEValidate function in D-Link DIR-X3260 Wi-Fi routers is related to insufficient cleaning of input data. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and execute arbitrary code by sending specially crafted HNAP...
PT-2023-2726 · NetGear · Netgear Rax30
Name of the Vulnerable Software and Affected Versions: NETGEAR RAX30 affected versions not specified Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. The specific flaw exists within the handling of SOAP...
The vulnerability of the WS-Addressing plugin in the gSOAP software development environment allows a perpetrator to execute arbitrary code.
The vulnerability of the WS-Addressing plugin in the gSOAP software development environment is related to integer overflow during SOAP request processing. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending specially crafted HTTP requests...
Security Bulletin: Potential Spoofing vulnerability in WebSphere Application Server Liberty Core affect CICS Transaction Gateway
Summary Potential Spoofing vulnerability in WebSphere Application Server Liberty Core used by CICS Transaction Gateway affects Web Service requests. CICS Transaction Gateway addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1902 DESCRIPTION: IBM WebSphere Application Server cou...
The vulnerability of Netgear’s networking hardware’s microprogramming software, related to insufficient validation of input data, allows a intruder to trigger a service failure.
The vulnerability of Netgear’s networking hardware’s microprogramming software is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by sending specially crafted SOAP requests...
Security Bulletin: Security Vulnerability in Apache Axis affects IBM WebSphere Dashboard Framework (CVE-2014-3596)
Summary There is an insecure certificate validation CVE-2014-3596 in Apache Axis which is bundled with IBM WebSphere Dashboard Framework. Vulnerability Details IBM WebSphere Dashboard Framework WDF bundles a copy of Apache Axis which can be used to make web service requests. A vulnerability in Ax...
EMC Documentum xCP SQL Query Injection Vulnerability
EMC Documentum is an enterprise document and image management tool that makes the creation, modification, tracking and utilization of documents in business processes efficient, standardized and rigorous. EMC Documentum xCP fails to properly handle XCP REST requests, allowing remote attackers to...
Multiple F5 Products Privilege Acquisition Vulnerabilities
F5 BIG-IP LTM, etc. are products of F5 USA.LTM is a local traffic manager; APM is a set of solutions that provide secure and unified access to business-critical applications and networks. A security vulnerability exists in the iControl API of several F5 products. Because the...