CVE-2024-4801
A vulnerability was found in Kashipara College Management System 1.0 and classified as critical. This issue affects some unknown processing of the file submitnewfaculty.php. The manipulation of the argument address leads to SQL injection. The attack may be initiated remotely. The exploit has been...
College Management System SQL Injection Vulnerability
College Management System is a simple project organized by Code Projects. It is used to keep track of students, teachers, subjects, schedules and all things related to the university. An SQL injection vulnerability exists in College Management System version 1.0, which stems from an SQL injection...
PT-2024-32932 · Unknown · Kashipara College Management System
Name of the Vulnerable Software and Affected Versions: Kashipara College Management System version 1.0 Description: A critical issue affects the processing of the file submitnewfaculty.php, where the manipulation of the address argument leads to SQL injection. The attack can be initiated...
PT-2024-32383 · Lobe Chat · Lobe Chat
Name of the Vulnerable Software and Affected Versions: Lobe Chat versions prior to 1.19.13 Description: The issue concerns a server-side request forgery protection bypass in Lobe Chat, an open-source artificial intelligence chat framework. This protection, implemented in src/app/api/proxy/route.t...
Ruijie Networks RG-UAC Operating System Command Injection Vulnerability
Ruijie Networks RG-UAC is an Internet behavior management and auditing product from China's Ruijie Networks. It is used to solve Internet auditing problems. An operating system command injection vulnerability exists in Ruijie Networks RG-UAC version 20240428 and earlier versions,...
PT-2024-25907 · Twonav · Twonav
Name of the Vulnerable Software and Affected Versions: TwoNav version 2.1.13 Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited via the url parameter to the API endpoint "index.php?c=api&method=read data&type=connectivity...
TwoNav Security Vulnerability
TwoNav is an open source and free bookmark navigation management program from tznb1 open source. A security vulnerability exists in TwoNav version 2.1.13, which stems from a server-side request forgery vulnerability in the url parameter...
PT-2024-23658 · Hadsky · Hadsky
Name of the Vulnerable Software and Affected Versions: HadSky version 7.6.3 Description: A stored cross-site scripting (XSS) issue in the remotelink function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter. Recommendations: For HadSky...
CVE-2024-28076
The SolarWinds Platform was susceptible to an Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to a different domain when using a URL parameter with a relative entry in the correct format...
WordPress Plugin Contact Form by BestWebSoft Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin Contac...
PT-2024-19134 · Bestwebsoft · The Contact Form
Name of the Vulnerable Software and Affected Versions: The Contact Form by BestWebSoft plugin for WordPress versions up to and including 4.2.8 Description: The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts...
CVE-2024-30568
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter...
NETGEAR R6850 Security Vulnerability
The NETGEAR R6850 is a wireless router from NETGEAR. The NETGEAR R6850 suffers from a command injection vulnerability that stems from the c4-IPAddr parameter failing to properly filter special characters and commands in crafted input. An attacker can exploit this vulnerability to cause...
Zebra ZTC GK420d Cross-Site Scripting Vulnerability
The Zebra ZTC GK420d is a desktop printer from Zebra. A cross-site scripting vulnerability exists in the Zebra ZTC GK420d version 1.0, which originates from unknown code in file /settings in the component Alert Setup Page, leading to cross-site scripting via the parameter Address...
PT-2024-23892 · Zebra · Zebra Ztc Gk420D
Name of the Vulnerable Software and Affected Versions: Zebra ZTC GK420d version 1.0 Description: A problematic issue was found in the Alert Setup Page component, specifically affecting the /settings file. The manipulation of the Address argument leads to cross-site scripting. This issue can be...
PT-2024-23505 · Tenda · Tenda Fh1202
Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408 Description: The issue is a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. This vulnerability can be exploited, potentially allowing attackers to execute arbitrary...
PT-2024-23093 · Tenda · Tenda Fh1202
Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408 Description: A critical vulnerability has been found, affecting the function GetParentControlInfo of the file "/goform/GetParentControlInfo". The manipulation of the argument mac leads to a stack-based buffer...
Tenda FH1203 Command Injection Vulnerability
The Tenda FH1203 is a wireless router from Tenda, China. A command injection vulnerability exists in the Tenda FH1203 version 2.0.1.6, which is caused by a command injection in the mac parameter of the formWriteFacMac method of the /goform/WriteFacMac file...
batik: Server-Side Request Forgery vulnerability
A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as parameter to a URL. This issue can allow an attacker to conduct SSRF attacks...
PT-2024-18435 · WordPress · Giveaways/Contests By Rafflepress
Name of the Vulnerable Software and Affected Versions: The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress versions up to, and including, 1.12.5 Description: The issue is related to Stored Cross-Site Scripting due to...