| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `system.so` binary. The `setDiagnosisCfg` function retrieves the `ipDoamin` parameter from user input via `websGetVar` and concatenates it directly into a `ping` system command executed via `CsteSystem()` without any sanitization. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device through specially crafted HTTP requests to the router's web interface. |
| A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_433188` function in `prog.cgi` stores user-supplied email configuration parameters (`EmailFrom`, `EmailTo`, `SMTPServerAddress`, `SMTPServerPort`, `AccountName`) in NVRAM via `nvram_safe_set`. These values are later retrieved in the `sub_448FDC` function of `rc` using `nvram_safe_get` and concatenated into shell commands executed via `twsystem()` without sanitization. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device through specially crafted HTTP requests to the router's web interface. |
| A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `librcm.so` binaries. The `sub_4455BC` function in `prog.cgi` stores user-supplied `SetDMZSettings/IPAddress` values in NVRAM via `nvram_safe_set("dmz_ipaddr", ...)`. These values are later retrieved in the `DMZ_run` function of `librcm.so` using `nvram_safe_get` and concatenated into `iptables` shell commands executed via `twsystem()` without any sanitization. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device through specially crafted HTTP requests to the router's web interface. |
| A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `global.so` binary. The `getSaveConfig` function retrieves the `http_host` parameter from user input via `websGetVar` and copies it into a fixed-size stack buffer (`v13`) using `strcpy()` without performing any length checks. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the router's web interface, potentially leading to arbitrary code execution. |
| An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed via system(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device. |
| An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device. |
| An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to construct system commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device. |
| Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 3 of 3. |
| A security vulnerability has been detected in code-projects Simple Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /add_query_reserve.php. Such manipulation of the argument room_id leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. |
| A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overrided_past_order_list of the file ury/ury/api/pos_extend.py. This manipulation of the argument search_term causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. Upgrading to version 0.2.1 is able to mitigate this issue. Patch name: 063384e0dddfd191847cd2d6524c342cc380b058. It is suggested to upgrade the affected component. The vendor replied and reacted very professional. |
| A vulnerability was detected in itsourcecode Online Voting System 1.0. This impacts an unknown function of the file /index.php?page=manage_voting. Performing manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The exploit is now public and may be used. |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. |
| In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security (DLS) is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices. |
| PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php. |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php. |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php. |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php. |
| PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scripting (XSS) via adminname and aemailid parameters in /admin-profile.php. |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php. |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php. |
