CVE-2024-10283
A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched...
CVE-2024-10169 code-projects Hospital Management System change-password.php SQL injection
A vulnerability classified as critical was found in code-projects Hospital Management System 1.0. This vulnerability affects unknown code of the file change-password.php. The manipulation of the argument cpass leads to SQL injection. The attack can be initiated remotely. The exploit has been...
CVE-2024-10141
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...
CVE-2024-10136
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manageinvoice.php. The manipulation of the argument invoicenumber leads to SQL injection. The attack can be initiated remotely. The...
CVE-2024-10023
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/addnewmedicine.php. The manipulation of the argument name/packing/genericname/suppliersname leads to SQL injection. The attack can be initiate...
CVE-2024-9976
CVE-2024-9976 affects code-projects Pharmacy Management System 1.0. The vulnerability is a SQL injection in the file /php/manage_customer.php?action=search (and related /php/manage_customer.php endpoints) caused by unsanitized input in the text parameter, exploitable remotely and publicly disclos...
CVE-2024-9905 SourceCodester Online Eyewear Shop SQL injection
A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /admin/?page=inventory/viewinventory&id=2. The manipulation of the argument id leads to SQL injection. The attack may be initiated...
CVE-2024-9816 Codezips Tourist Management System change-image.php unrestricted upload
A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be launched remotely...
CVE-2024-9786
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has...
CVE-2024-9562 D-Link DIR-605L formSetWizard2 buffer overflow
A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the...
CVE-2024-9559 D-Link DIR-605L formWlanSetup buffer overflow
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has...
CVE-2024-9552
A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. The attack may be launched remotely. The...
CVE-2024-9328
A vulnerability was found in SourceCodester Advocate Office Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /control/editclient.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The...
CVE-2024-9296
SourceCodester Advocate Office Management System 1.0 is affected by a SQL injection in the forgot_pass.php handler, triggered by manipulating the username parameter. The vulnerability is exploitable remotely and has been publicly disclosed. The affected file is /control/forgot_pass.php; no concre...
CVE-2024-9295
A vulnerability was found in SourceCodester Advocate Office Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /control/login.php. The manipulation of the argument username leads to SQL injection. The attack may be initiated remotely. The...
CVE-2024-9033
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=savecategory. The manipulation of the argument name leads to cross-site scripting. The...
CVE-2024-9031
CodeCanyon CRMGo SaaS (up to 7.2) has a cross-site scripting flaw in the /project/task/{task_id}/show endpoint triggered by the comment parameter. The issue may be exploited remotely and exploits have been disclosed publicly. Current remediation guidance in the connected docs is to disable access...
CVE-2024-9011
A vulnerability, which was classified as critical, was found in code-projects Crud Operation System 1.0. Affected is an unknown function of the file updata.php. The manipulation of the argument sid leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2024-8866 AutoCMS robot.php cross-site scripting
A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2024-8709
CVE-2024-8709 affects SourceCodester Best House Rental Management System 1.0. The vulnerable component is the delete_user/save_user function in /admin_class.php, where manipulating the id parameter causes SQL injection. This allows remote exploitation; public exploit info exists. Remediation guid...