137 matches found
PT-2023-9116 · Tenda · Tenda I6
Name of the Vulnerable Software and Affected Versions: Tenda i6 version 1.0.0.83856 Description: The issue is related to a buffer overflow vulnerability in the Wi-Fi router's microprogram, specifically in the /goform/WifiMacFilterSet component. This vulnerability can be exploited by a remote...
PT-2023-32485 · Unknown · Elijaa/Phpmemcachedadmin
Name of the Vulnerable Software and Affected Versions: elijaa/phpmemcachedadmin version 1.3.0 Description: A critical flaw has been identified, specifically related to a stored XSS vulnerability, allowing malicious actors to insert a carefully crafted JavaScript payload. The issue arises from...
PT-2023-30066 · Zioncom (Hong Kong) Technology Limited · A7000R
Name of the Vulnerable Software and Affected Versions: ZIONCOM Hong Kong Technology Limited A7000R version 4.1cu.4154 Description: An issue allows an attacker to execute arbitrary code via the "cig-bin/cstecgi.cgi" endpoint to the setPasswordCfg function. Recommendations: For version 4.1cu.4154,...
PT-2023-29814 · Unknown · Thingnario Photon
Name of the Vulnerable Software and Affected Versions: ThingNario Photon version 1.0 Description: An issue in the software allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function at the "thingnario Logger Maintenance Webpage" endpoint...
PT-2023-29004 · Subrion · Subrion
Name of the Vulnerable Software and Affected Versions: Subrion version 4.2.1 Description: A Cross-site scripting XSS issue exists in the /panel/languages/ endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title parameter. This enables...
PT-2023-26654
Name of the Vulnerable Software and Affected Versions msaad1999's PHP-Login-System version 2.0.1 Description A reflected cross-site scripting XSS issue allows remote attackers to execute arbitrary JavaScript in the web browser of a user. This is achieved by including a malicious payload into the...
PT-2023-11510 · Unknown · Earcms Ear App
Name of the Vulnerable Software and Affected Versions: Earcms Ear App version 20181124 Description: An issue in Earcms Ear App allows a remote attacker to execute arbitrary code via the "uload/index-uplog.php" endpoint. This enables the attacker to perform unauthorized actions on the affected...
PT-2023-4612 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version v4 US AC10V4.0si V16.03.10.13 cn Description: The issue is related to a stack overflow vulnerability via the parameter list and bindnum at the "/goform/SetIpMacBind" API endpoint. This vulnerability may allow a remote...
PT-2023-27405 · Jenkins · Jenkins Gogs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin versions 1.0.15 and earlier Description: The webhook endpoint in Jenkins Gogs Plugin provides unauthenticated attackers with information about the existence of jobs in its output. This endpoint, located at "/gogs-webhook",...
PT-2023-7485 · Axis · Axis License Plate Verifier
Name of the Vulnerable Software and Affected Versions: AXIS License Plate Verifier affected versions not specified Description: The issue arises from insufficient input validation in the "api.cgi" file of the License Plate Verifier software, allowing for arbitrary code execution. This can be...
PT-2023-13037 · Yii2 · Yii2
Name of the Vulnerable Software and Affected Versions: Yii 2 version 2.0.45 Description: A cross-site scripting XSS issue was discovered via the endpoint "/books". This allows for potential malicious script execution. The estimated number of affected devices and real-world incidents are not...
PT-2023-25626 · Sourcecodester · Sourcecodester Ac Repair/Services System
Name of the Vulnerable Software and Affected Versions: SourceCodester AC Repair and Services System version 1.0 Description: A vulnerability has been found in the system, classified as problematic. It affects an unknown functionality of the file "admin/?page=user/manage user". The manipulation of...
PT-2023-22365 · Wildix · Wildix Wsg24Poe
Name of the Vulnerable Software and Affected Versions: Wildix WSG24POE version 103SP7D190822 Description: An issue was discovered in the "/cgi-bin/login rj.cgi" API endpoint, allowing attackers to bypass authentication. Recommendations: For Wildix WSG24POE version 103SP7D190822, consider disablin...
PT-2023-24344 · Unknown · Sourcecodester Faculty Evaluation System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Faculty Evaluation System version 1.0 Description: The issue allows for arbitrary code execution via the "/eval/ajax.php?action=save user" API endpoint. This could potentially lead to unauthorized access and control of the...
PT-2023-22497 · S Cms · S-Cms
Name of the Vulnerable Software and Affected Versions: S-CMS version 5.0 Description: The issue is related to an authenticated remote code execution RCE vulnerability. It can be exploited via the /admin/ajax.php API endpoint. Recommendations: For S-CMS version 5.0, consider disabling access to th...
PT-2023-20982 · Unknown · Openapi Generator
Name of the Vulnerable Software and Affected Versions: openapi-generator versions up to v6.4.0 Description: The issue is related to a Server-Side Request Forgery SSRF in the component "/api/gen/clients/language". This allows attackers to access network resources and sensitive information via a...
PT-2023-22030 · Cerebrate · Cerebrate
Name of the Vulnerable Software and Affected Versions: Cerebrate version 1.13 Description: A blind SQL injection issue exists in the "searchAll API endpoint". This allows for potential exploitation. Recommendations: For Cerebrate version 1.13, consider disabling access to the "searchAll API...
PT-2023-5052 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in the "execute-actions-email" endpoint of Keycloak, allowing arbitrary HTML to be injected into emails sent to Keycloak users. This issue can be misused to perform phishi...
PT-2023-2141 · Totolink · Totolink A7100Ru
Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version V7.4cu.2313 B20191024 Description: The issue is related to a command injection vulnerability. This vulnerability can be exploited via the enabled parameter at the "/setting/setWanIeCfg" API endpoint. The vulnerability...
PT-2023-16677 · Unknown · Sourcecodester Sales Tracker Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Sales Tracker Management System version 1.0 Description: A vulnerability was found in the SourceCodester Sales Tracker Management System, affecting the file "admin/?page=user/list". This issue leads to cross-site request forger...