568 matches found
CVE-2024-1266
A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /streg.php of the component Student Registration Form. The manipulation of the argument Address leads to cross site scripting...
PT-2024-17700 · Unknown · Codeastro University Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro University Management System version 1.0 Description: A problematic issue was found in the Student Registration Form component, specifically in the /streg.php file. The manipulation of the Address argument leads to cross-site...
University Management System Cross-Site Scripting Vulnerability
University Management System is a university management system. A cross-site scripting vulnerability exists in version 1.0 of the University Management System, which stems from the parameter Address in the file /streg.php that causes cross-site scripting...
CVE-2024-23033
Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL...
LyLme Spage Code Issue Vulnerability
LyLme Spage (six zero navigation page) is an open-source navigation page from China's six zero (LyLme). It is committed to being a simple, efficient, advertising-free Internet navigation and search portal, with support for background links, custom search engines, accumulating the most valuable links, no commercial...
PT-2024-1253 · Totolink · Totolink Lr1200Gb
Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical issue has been identified, affecting the setDiagnosisCfg function of the /cgi-bin/cstecgi.cgi file. The manipulation of the ip argument leads to a stack-based buffer...
CVE-2024-23060
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function...
CVE-2024-0298
A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the attack remotely. The...
TOTOLINK N200RE Security Vulnerability
The TOTOLINK N200RE is a wireless broadband router for small office or home (SOHO) environments. The TOTOLINK N200RE suffers from a command injection vulnerability that stems from a failure to properly filter the ip parameter of the setDiagnosisCfg function on the /cgi-bin/cstecgi.cgi page for...
CVE-2024-0284
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as problematic. This issue affects some unknown processing of the file partysubmit.php. The manipulation of the argument partyaddress leads to cross site scripting. The attack may be initiated remotely. The...
CVE-2023-49633
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyeraddress' parameter of the buyerdetailsubmit.php resource does not validate the characters received and they are sent unfiltered to the database...
Kashipara Billing Software SQL Injection Vulnerability
Kashipara Billing Software is an application from Kashipara India. A SQL injection vulnerability exists in Kashipara Billing Software v1.0, which originates when the buyeraddress parameter of the buyerdetailsubmit.php page is processed without filtering the data and sending it to the database for...
PT-2024-13859 · Rengine · Rengine
Name of the Vulnerable Software and Affected Versions: reNgine versions prior to 2.1.2 Description: The issue allows OS Command Injection if an adversary has a valid session ID. The attack involves placing shell metacharacters in an "api/tools/waf detector/?url=" string. The commands are executed...
CVE-2023-48378
Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
CVE-2023-48379
Softnext Mail SQR Expert is an email management platform. It has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform a Blind SSRF attack to discover internal network topology based on the URL error response...
CVE-2023-48172
A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...
Exploit for Uncontrolled Search Path Element in Dieboldnixdorf Vynamic_View
Exploit Title: DLL Hijacking in Diebold Nixdorf Vynamic View C...
TOTOLINK X6000R Security Vulnerability
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a command execution vulnerability that stems from the IP parameter of the setDiagnosisCfg component failing to properly filter constructed command special characters, commands, and so on...
LOYTEC electronics GmbH LINX Configurator Security Breach
LOYTEC electronics GmbH LINX Configurator is a tool from the Austrian company LOYTEC electronics GmbH for configuring and managing devices on its LINX platform. A security vulnerability in LOYTEC electronics GmbH LINX Configurator version 7.4.10, which stems from the failure to encrypt the...
Tecno TR118 Security Vulnerability
Tecno TR118 is a portable 4G WiFi from Tecno China. A security vulnerability exists in the Tecno TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830 version, which stems from an incorrect manipulation of the parameter url that can lead to OS command injection...