2219 matches found
CVE-2024-11247
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=saveproduct of the component Inventory Page. The manipulation of the argument brand leads to...
CVE-2024-11245 code-projects Farmacia editar-produto.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2024-11244
CVE-2024-11244 concerns code-projects’ Farmacia 1.0. The vulnerability is in the file /editar-cliente.php, where the manipulation of the id parameter leads to an SQL injection. Descriptions across multiple sources indicate this can be initiated remotely and that the exploit has been publicly dis...
CVE-2024-11243 code-projects Online Shop Store signup.php cross site scripting
A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has...
CVE-2024-11241
CVE-2024-11241 affects code-projects Job Recruitment 1.0. The reset.php file exposes an SQL injection via the e parameter; attack can be launched remotely and the exploit has been disclosed publicly. Several connected sources confirm the vulnerability in the unknown-functionality reset.php and th...
CVE-2024-11237
A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3vT TTV6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be...
CVE-2024-11208
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitati...
CVE-2024-11121
A vulnerability classified as critical was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of the argument userid leads to sql injection...
CVE-2024-11102 SourceCodester Hospital Management System edit-doc.php cross site scripting
A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched...
CVE-2024-11101
CVE-2024-11101 impacts the 1000 Projects Beauty Parlour Management System 1.0. The vulnerability exists in an unknown function of the file /admin/search-invoices.php, where manipulation of the searchdata parameter enables an SQL injection. The described impact is remote execution with the exploi...
CVE-2024-11061 Tenda AC10 fast_setting_wifi_set FUN_0044db3c stack-based overflow
A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The...
CVE-2024-11055
A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack may be initiated...
CVE-2024-11054
A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argument pp leads to unrestricted upload. The attack can be initiated remotely. Th...
CVE-2024-11054
CVE-2024-11054 affects SourceCodester Simple Music Cloud Community System 1.0, specifically the endpoint /music/ajax.php?action=signup where the argument/parameter named pp can be manipulated to achieve an unrestricted file upload. The vulnerability is remotely exploitable and was publicly disclo...
CVE-2024-11050
A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be...
CVE-2024-11046
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgradefilterasp of the file /upgradefilter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has...
PT-2024-16723 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio Time version 9.0.1 Description: A vulnerability has been found in the Image File Handler component of ZKTeco ZKBio Time, affecting an unknown function of the file /auth files/photo/. This issue leads to direct request manipulatio...
CVE-2024-10996
A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/processcategoryedit.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2024-10995
A vulnerability was found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /removeDoctorResult.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploi...