662 matches found

Vulnrichment
added 2024/03/22 6:31 p.m. · 13 views

CVE-2024-2825 lakernote EasyAdmin saveReportFile path traversal

A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The...

CVSS 6.5 · AI score 7 · EPSS 0.00733
Exploits: 2 · References: 3

Vulnrichment
added 2024/03/22 5:31 a.m. · 15 views

CVE-2024-2810 Tenda AC15 WifiWpsOOB formWifiWpsOOB stack-based overflow

A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched...

CVSS 9 · AI score 7 · EPSS 0.01315
Exploits: 1 · References: 3

NVD
added 2024/03/21 9:15 p.m. · 11 views

CVE-2024-2766

A vulnerability has been found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely...

CVSS 6.5 · AI score 6.8 · EPSS 0.00496
Exploits: 1 · References: 3

NVD
added 2024/03/18 12:15 a.m. · 17 views

CVE-2024-2569

A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin-manage-user.php. The manipulation leads to execution after redirect. The attack may be launched remotely. The exploit...

CVSS 9.8 · AI score 7.3 · EPSS 0.01179
Exploits: 0 · References: 3

OSV
added 2024/03/17 3:15 p.m. · 2 views

CVE-2024-2566

A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240313. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file api/client/getextensionyl.php. The manipulation of the argument imei leads to sql...

CVSS 9.8 · AI score 5.7 · EPSS 0.00617
Exploits: 0 · References: 3

Cvelist
added 2024/03/03 6:0 p.m. · 15 views

CVE-2024-2150 SourceCodester Insurance Management System file inclusion

A vulnerability, which was classified as critical, has been found in SourceCodester Insurance Management System 1.0. This issue affects some unknown processing. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to t...

CVSS 5.3 · AI score 5.7 · EPSS 0.00607
Exploits: 0 · References: 3

OSV
added 2024/02/29 1:42 a.m. · 3 views

CVE-2023-7106

A vulnerability was found in code-projects E-Commerce Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file productdetails.php?prodid=11. The manipulation of the argument prodid leads to sql injection. The attack can be launched...

CVSS 8.8 · AI score 5.7
Exploits: 0 · References: 3

OSV
added 2024/02/21 6:15 p.m. · 2 views

CVE-2024-1706

A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...

CVSS 5.4 · AI score 4.2
Exploits: 0 · References: 6

Cvelist
added 2024/02/02 7:0 p.m. · 27 views

CVE-2024-1190 Global Scape CuteFTP denial of service

A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been...

CVSS 3.3 · AI score 5.7 · EPSS 0.00303
Exploits: 1 · References: 3

Prion
added 2024/01/31 8:15 p.m. · 23 views

Design/Logic Flaw

A vulnerability was found in openBI up to 1.0.8. It has been classified as critical. Affected is the function index of the file /application/plugins/controller/Upload.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed t...

CVSS 7.5 · AI score 7.2 · EPSS 0.00769
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2024/01/30 4:15 p.m. · 25 views

CVE-2024-1035

A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function uploadIcon of the file /application/index/controller/Icon.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The...

CVSS 9.8 · AI score 7.9 · EPSS 0.00797
Exploits: 0 · References: 3

Prion
added 2024/01/29 12:15 a.m. · 30 views

Command injection

A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asteriskcli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated...

CVSS 5.8 · AI score 7.7 · EPSS 0.58423
Exploits: 2 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/01/26 12:0 a.m. · 3 views

PT-2024-1369 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10U version 15.03.06.49 multi TDE01
Description: A critical vulnerability has been found in the function formSetVirtualSer, which is related to a stack-based buffer overflow due to the manipulation of the argument list. This issue can...

CVSS 9.8 · AI score 7.5 · EPSS 0.00905
Exploits: 1 · References: 8

NVD
added 2024/01/22 6:15 p.m. · 13 views

CVE-2024-0783

A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the publ...

CVSS 9.8 · AI score 7.2 · EPSS 0.01248
Exploits: 1 · References: 4

Cvelist
added 2024/01/21 11:31 p.m. · 24 views

CVE-2024-0773 CodeAstro Internet Banking System pages_client_signup.php cross site scripting

A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pages_client_signup.php. The manipulation of the argument Client Full Name leads to cross site scripting. The attack can be launched...

CVSS 4 · AI score 5.5 · EPSS 0.00562
Exploits: 1 · References: 3

Cvelist
added 2024/01/17 10:31 p.m. · 14 views

CVE-2024-0648 Yunyou CMS Common.php unrestricted upload

A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload. The attack can be initiated remotely. The exploit...

CVSS 7.5 · AI score 9.8 · EPSS 0.0067
Exploits: 0 · References: 3

Prion
added 2024/01/12 6:15 p.m. · 23 views

Sql injection

A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /production/adminviewinfo.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql...

CVSS 6.5 · AI score 7.7 · EPSS 0.005
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2024/01/11 5:15 p.m. · 12 views

CVE-2024-0411

A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This affects an unknown part of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely...

CVSS 7.5 · AI score 6.2 · EPSS 0.02211
Exploits: 0 · References: 3

Vulnrichment
added 2024/01/11 5:0 p.m. · 16 views

CVE-2024-0413 DeShang DSKMS install.php access control

A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the publ...

CVSS 5.3 · AI score 6.9 · EPSS 0.00809
Exploits: 0 · References: 3

NVD
added 2024/01/08 7:15 a.m. · 21 views

CVE-2024-0301

A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vulnerability affects the function getData of the file src/main/java/com/xhb/pay/action/PayTempOrderAction.java. The manipulation leads to sql injection. The attack can be initiated remotely. The...

CVSS 9.8 · AI score 7.4 · EPSS 0.00706
Exploits: 1 · References: 3