Xueying Li

4 exploits Active since Jan 2023
CVE-2022-46502 CRITICAL WRITEUP
Online Student Enrollment System v1.0 - SQL Injection
Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php.
CVSS 9.8
CVE-2024-57412 HIGH WRITEUP
SunOS OmniOS <5.11 - DoS
An issue in SunOS OmniOS v5.11 allows attackers to cause a Denial of Service (DoS) by repeatedly sending crafted TCP packets.
CVSS 7.5
CVE-2025-56233 HIGH WRITEUP
OpenIndiana kernel SunOS 5.11 - DoS
OpenIndiana (kernel SunOS 5.11) has a denial-of-service vulnerability. When processing TCP packets with the RST or SYN flag set, OpenIndiana accepts a wide range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, only to be within the current receive window, which violates RFC 5961. This flaw allows attackers to send multiple random TCP RST/SYN packets to hit the acceptable range of sequence numbers, thereby interrupting normal connections and causing a denial of service.
CVSS 7.5
CVE-2025-56234 HIGH WRITEUP
AT_NA2000 - DoS
The AT_NA2000 PLC from the vendor Nanda Automation Technology has a denial-of-service vulnerability. When processing TCP RST packets, the AT_NA2000 accepts a wide range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, only to be within the current receive window, which violates RFC 5961. This flaw allows attackers to send multiple random TCP RST packets to hit the acceptable range of sequence numbers, thereby interrupting normal connections and causing a denial of service.
CVSS 7.5