CVE-2022-27128

An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.

Source: CVE-2022-27128

CVE-2022-27290

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.

Source: CVE-2022-27290

CVE-2022-27291

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.save_network_enabled parameter.

Source: CVE-2022-27291

CVE-2022-27133

zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php.

Source: CVE-2022-27133

CVE-2022-27127

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php.

Source: CVE-2022-27127

CVE-2022-27131

An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

Source: CVE-2022-27131

CVE-2022-27126

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php.

Source: CVE-2022-27126

CVE-2022-27129

An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

Source: CVE-2022-27129

CVE-2022-27289

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.

Source: CVE-2022-27289

CVE-2022-27288

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPTP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.

Source: CVE-2022-27288