CVE-2024-21880
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated endpoint in Enphase IQ Gateway formerly known as Enphase allows OS Command Injection. This issue affects Envoy: 4.x <= 7.x...
PT-2024-19111 · Enphase · Enphase Iq Gateway
Name of the Vulnerable Software and Affected Versions: Enphase IQ Gateway formerly known as Enphase versions 4.x through 7.x Description: The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a Command Injection vulnerability. This vulnerability c...
Exploit for Exposed IOCTL with Insufficient Access Control in Dell Dbutil
CVE-2021-21551 Proof of concept exploit for CVE-2021-21551, vu...
Online Blood Bank Management System Cross-Site Scripting Vulnerability
Online Blood Bank Management System is itsourcecode open source online blood bank management system. A cross-site scripting vulnerability exists in Online Blood Bank Management System version 1.0, which stems from incorrect manipulation of the Address/bloodgroup parameter that can lead to...
TOTOLINK A3600R Security Vulnerability
TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK A3600R version 4.1.2cu.5182B20201102, which originates from the priority/macAddress parameter in the setMacQos function of the /cgi-bin/cstecgi.cgi...
ItSourceCode "Online Blood Bank Management System in PHP" Stored XSS
Stored XSS in Online Blood Bank Management System V1.0...
DotCMS Security Vulnerability
DotCMS is an open source content management system written in Java by DotCMS, Inc. for managing content and content-driven sites and applications. A security vulnerability exists in DotCMS that originates from a URL parameter in the login page for resetting a password that can inject HTML code...
PT-2024-28634 · Evmos · Evmos
Name of the Vulnerable Software and Affected Versions: Evmos versions prior to 19.0.0 Description: The issue allows a user to create a vesting account with a 3rd party account as funder without its permission. This is possible because the authorization checked in the code is for the...
Ingenico Estate Manager Cross-Site Scripting Vulnerability
Ingenico Estate Manager is a real estate management software from Ingenico Japan. A cross-site scripting vulnerability exists in Ingenico Estate Manager 2023, which stems from the fact that incorrect manipulation of a parameter URL can lead to cross-site scripting...
PT-2024-28265 · Wavlink · Wavlink Wn551K1
Name of the Vulnerable Software and Affected Versions: WAVLINK WN551K1 affected versions not specified Description: A command injection issue was discovered, which can be exploited through the IP parameter of the "/cgi-bin/touchlist sync.cgi" API endpoint. Recommendations: At the moment, there is...
PT-2024-27048 · Unknown · Puppeteer-Renderer
Name of the Vulnerable Software and Affected Versions: puppeteer-renderer versions 3.2.0 and earlier Description: The issue allows attackers to exploit the URL parameter using the file protocol to read sensitive information from the server. This is achieved through a Directory Traversal attack...
TRENDnet TEW-814DAP Security Vulnerability
The TRENDnet TEW-814DAP is a wireless access point from Trendnet, Inc. A security vulnerability exists in TRENDnet TEW-814DAP v1FW1.01B01, which originates from a stack overflow vulnerability in the submit-url parameter at /formNewSchedule...
College Management System Cross-Site Scripting Vulnerability
College Management System is a simple project organized by Code Projects. It is used to keep track of students, teachers, subjects, schedules and all things related to college. A cross-site scripting vulnerability exists in Kashipara College Management System version 1.0, which stems from the...
PT-2024-35848 · Unknown · Kashipara College Management System
Name of the Vulnerable Software and Affected Versions: Kashipara College Management System version 1.0 Description: A problematic issue was found in the system, affecting an unknown function of the file submit new faculty.php. The manipulation of the address argument leads to cross-site scripting...
PT-2024-40438 · Unknown · Htmleditorfield Toolbar
Name of the Vulnerable Software and Affected Versions: HtmlEditorField Toolbar affected versions not specified Description: The issue concerns the "Add from URL" functionality, which does not properly sanitize URLs on the server side. Specifically, the HtmlEditorField Toolbar action viewfile is...
PT-2024-40327 · Framework · Framework
Name of the Vulnerable Software and Affected Versions: framework versions prior to 3.1.14 Description: A risk exists due to an unvalidated returnURL parameter passed to dev/build, which could cause the user to redirect to an unverified third-party URL outside of the site. Recommendations: For...
WordPress plugin WPB Elementor Addons Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
The vulnerability of the download_file_stream() function (backend/apps/web/routers/utils.py) in the AI-based web interface Open WebUI (previously Ollama WebUI) allows an attacker to perform an SSRF attack.
The vulnerability of the download_file_stream() function located in backend/apps/web/routers/utils.py of the Open WebUI (formerly Ollama WebUI) AI-based web interface is related to the manipulation of requests on the server side during the processing of the url parameter. Exploiting this vulnerability...
Simple Chat System Security Vulnerability
Simple Chat System is a simple chat system by nurhodelta17 individual developer. A security vulnerability exists in Simple Chat System version 1.0, which stems from an incorrect manipulation of the parameters name/number/address that can lead to SQL injection...