PT-2024-22470 · Freeimage +1 · Freeimage +1
Name of the Vulnerable Software and Affected Versions: FreeImage version 3.19.0 r1909 Description: A buffer overflow issue allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile function when reading images in TIFF format. Recommendations: For FreeImage version 3.19.0...
PT-2024-2494 · Tenda · Tenda Ac7
Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44 Description: A critical issue was found in the saveParentControlInfo function of the /goform/saveParentControlInfo file, which is related to a stack-based buffer overflow. This can be exploited remotely by...
PT-2024-21039 · 74Cms · 74Cms
Name of the Vulnerable Software and Affected Versions: 74CMS version 3.28.0 Description: A critical issue has been found in the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads...
PT-2024-2386 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 versions 15.03.05.18 through 15.03.20_multi Description: The issue is related to the function formSetSambaConf at the /goform/setsambacfg endpoint, where the usbName parameter is not properly sanitized, leading to OS command...
PT-2024-22388 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: gpac version 2.3-DEV-rev921-g422b78ecf-master Description: The issue is related to an out-of-bounds write vulnerability via the swf_get_string function at scene_manager/swf_parse.c:325. This vulnerability can be exploited by a remote attack...
PT-2024-22389 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: gpac version 2.3-DEV-rev921-g422b78ecf-master Description: The issue is related to an out-of-bounds read vulnerability via the gf_dash_setup_period function in the media_tools/dash_client.c file at line 6374. This vulnerability can allow a...
PT-2024-2407 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 versions 15.03.05.18 through 15.03.20_multi Description: A critical issue affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to OS command injection, allowing remote...
PT-2024-20281 · Unknown · Heimavista Rpage
Name of the Vulnerable Software and Affected Versions: Heimavista Rpage and Epage (affected versions not specified) Description: The issue concerns the improper implementation of the disabling function for the user registration page, allowing remote attackers to complete user registration on sites...
PT-2024-2265 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: A critical issue affects the formSetDeviceName function of the /goform/SetOnlineDevName file, leading to a stack-based buffer overflow when the devName or mac argument is manipulated. This can be...
PT-2024-3377 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8-rc7 Description: The issue is related to a double-free vulnerability in the ns_update_nuse function, which can lead to a denial of service. When nvme_identify_ns fails, it frees the pointer to the struct nvm...
PT-2024-21946 · Wondercms · Wondercms
Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.1.3 Description: A Server-Side Request Forgery (SSRF) issue in the installUpdateThemePluginAction function allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the...
PT-2024-2266 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: A critical vulnerability was found in the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the arguments schedStartTime and schedEndTime leads to a stack-based buffer...
PT-2024-18439 · WordPress · Yuki Theme
Name of the Vulnerable Software and Affected Versions: Yuki theme for WordPress versions up to and including 1.3.14 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the reset customizer options function. This allows unauthenticated...
PT-2024-18422 · Unknown · Osuuu Lightpicture
Name of the Vulnerable Software and Affected Versions: osuuu LightPicture versions up to 1.2.2 Description: A critical issue has been found in osuuu LightPicture, affecting the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to the use of a hard-coded...
PT-2024-2168 · Unknown · Gguf Library
Name of the Vulnerable Software and Affected Versions: GGUF library version Commit 18c2e17 Description: A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp. This vulnerability can be triggered by a specially crafted .gguf file, potential...
PT-2024-1966 · D Link · D-Link Dir-823G
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G version A1V1.0.2B05 Description: The issue is related to a null-pointer dereference in the sub_41C488 function, which can be exploited by attackers to cause a denial of service (DoS) via a crafted input. This vulnerability is...
PT-2024-13669 · Projeqtor · Projeqtor
Name of the Vulnerable Software and Affected Versions: ProjeQtOr version 11.0.2 Description: A cross-site scripting (XSS) issue allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files. This enables the attacker...
PT-2024-20903 · Unknown · Libiec61850
Name of the Vulnerable Software and Affected Versions: libiec61850 version 1.4.0 Description: The issue allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component. Recommendations: For version 1.4.0, consider...
PT-2024-20229 · Jsherp · Jsherp
Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue concerns a SQL Injection vulnerability. Specifically, the findInOutMaterialCount function in com.jsh.erp.controller.DepotHeadController does not adequately filter the column and order parameters,...
PT-2024-17680 · Juanpao · Jpshop
Name of the Vulnerable Software and Affected Versions: Juanpao JPShop versions up to 1.5.02 Description: A critical issue was found in the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to...