PT-2024-29403 · Hicolor · Hicolor
Name of the Vulnerable Software and Affected Versions: hicolor version 0.5.0 Description: A stack overflow in the cp dynamic function, located in /vendor/cute png.h, allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. Recommendations: For hicolor version 0.5.0, consider...
PT-2024-38139 · Totolink · Totolink A3600R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found, affecting the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to buffer overflow. This issu...
PT-2024-38146 · Totolink · Totolink A3600R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found, affecting the setUrlFilterRules function of the file /cgi-bin/cstecgi.cgi. The manipulation of the url argument leads to a buffer overflow. This issu...
PT-2024-38149 · Totolink · Totolink A3600R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue affects the UploadCustomModule function of the /cgi-bin/cstecgi.cgi file, where manipulation of the File argument leads to buffer overflow. This can be initiated...
PT-2024-38133
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found, affecting the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to OS command injection. It is...
PT-2024-5386 · Totolink · Totolink Cp900L
Name of the Vulnerable Software and Affected Versions: TOTOLINK CP900 version 6.3c.566 Description: A critical issue has been found in the Telnet Service component, specifically affecting the setTelnetCfg function. The manipulation of the telnet enabled argument leads to command injection. This...
TOTOLINK A6000R security vulnerability
TOTOLINK A6000R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A6000R. The vulnerability stems from the iface parameter in the vifdisable function failing to properly validate or clear user input. An attacker can use this...
PT-2024-8127 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000 Description: The issue is related to the get apcli conn info function in the TOTOLINK A6000R router's firmware, which fails to neutralize special elements used in an OS command. This can be...
PT-2024-7950 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version 1.0.1-B20201211.2000 Description: The issue is related to a command injection vulnerability in the apcli do enr pin wps function, specifically via the ifname parameter. This vulnerability can be exploited by a remote...
PT-2024-8116 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000 Description: A command injection issue exists due to the lack of neutralization of special elements used in the operating system command. This issue is related to the vif disable function and can ...
PT-2024-37773 · Zmops · Argusdbm
Name of the Vulnerable Software and Affected Versions: zmops ArgusDBM version 0.1.0 Description: A critical issue was found in the getDefaultClassLoader function of the CalculateAlarm.java file, part of the AviatorScript Handler component. This issue leads to deserialization and can be exploited...
PT-2024-21872 · Samsung · Exynos
Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos versions 1380 through 1480 Description: A vulnerability was discovered in the slsi handle nan rx event log ind function related to no input validation check on tag len for rx coming from userspace, which can le...
PT-2024-28308 · Airvertco · Airvertco Frappejs
Name of the Vulnerable Software and Affected Versions: airvertco frappejs version 0.0.11 Description: The issue is related to a prototype pollution vulnerability via the registerView function. This allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary...
PT-2024-28358 · Dumpts · Dumpts
Name of the Vulnerable Software and Affected Versions: DumpTS version 0.1.0-nightly Description: A NULL Pointer Dereference issue allows attackers to cause a denial of service. This issue is related to the function DumpOneStream located at /src/DumpStream.cpp. Recommendations: For DumpTS version...
PT-2024-26284 · Channable · Channable
Name of the Vulnerable Software and Affected Versions: Channable for PrestaShop versions up to 3.2.1 Description: The issue allows a guest to perform SQL injection via the ChannableFeedModuleFrontController::postProcess function. Recommendations: For versions up to 3.2.1, consider disabling the...
PT-2024-37312 · Itsourcecode · Itsourcecode Event Calendar
Name of the Vulnerable Software and Affected Versions: itsourcecode Event Calendar version 1.0 Description: A critical issue has been found in the function regConfirm/regDelete of the file process.php. The manipulation of the userId argument leads to SQL injection. The attack can be launched...
PT-2024-37291 · Unknown · Itsourcecode Online House Rental System
Name of the Vulnerable Software and Affected Versions: itsourcecode Online House Rental System version 1.0 Description: A critical issue has been found in the itsourcecode Online House Rental System, affecting an unknown function of the file manage user.php. The manipulation of the id argument...
PT-2024-26435 · Libyaml · Libyaml
Name of the Vulnerable Software and Affected Versions: libyaml version 0.2.5 Description: The issue affects the function yaml parser parse of the file /src/libyaml/src/parser.c, making libyaml vulnerable to Denial of Service DDOS attacks. Recommendations: As a temporary workaround, consider...
PT-2024-37231 · Sourcecodester · Employee/Visitor Gate Pass Logging System
Name of the Vulnerable Software and Affected Versions: SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 Description: A critical issue was found in the save users function of the /classes/Users.php file, specifically in the id argument, which leads to SQL injection. This...
PT-2024-27514 · Lxml · Lxml
Name of the Vulnerable Software and Affected Versions: lxml versions prior to 4.9.1 Description: An XML External Entity (XXE) vulnerability in the ebookmeta.get metadata function allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input. Recommendations...