
943 matches found

CVE
added 2024/10/06 10:31 p.m. | 62 views

CVE-2024-9561

CVE-2024-9561 affects D-Link DIR-605L firmware 2.13B01 BETA, specifically the vulnerable functions formSetWAN_Wizard51/52. The root cause is improper validation of the curTime parameter, leading to a buffer overflow that can be exploited remotely. Multiple connected sources (NVD, Red Hat, CNVD, C...

CVSS 9 | AI score 8.9 | EPSS 0.00136
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2024/10/06 10:15 p.m. | 10 views

CVE-2024-9560

A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to sql injection. The attack may be launched remotel...

CVSS 8.8 | EPSS 0.00053
Exploits: 1 | References: 4

Cvelist
added 2024/10/06 10:00 p.m. | 17 views

CVE-2024-9560 ESAFENET CDG Catelogs;logindojojs delCatelogs sql injection

A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to sql injection. The attack may be launched remotel...

CVSS 6.5 | EPSS 0.00053
Exploits: 1 | References: 4

NVD
added 2024/10/06 3:15 p.m. | 17 views

CVE-2024-9555

A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasyWizard of the file /goform/formSetEasyWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely...

CVSS 9 | EPSS 0.00136
Exploits: 1 | References: 5

CVE
added 2024/10/06 10:00 a.m. | 43 views

CVE-2024-9552

The CVE-2024-9552 entry affects D-Link DIR-605L, specifically the web-facing function formSetWanNonLogin in /goform/formSetWanNonLogin. The vulnerability is a buffer overflow caused by improper validation of the webpage parameter, enabling remote exploitation with no user interaction. Public expl...

CVSS 9 | AI score 8.8 | EPSS 0.00332
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2024/10/05 1:15 p.m. | 9 views

CVE-2024-9533

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument nextpage leads to buffer overflow. The attack may be initiated remotely. The exploit has be...

CVSS 9 | EPSS 0.00231
Exploits: 1 | References: 5

Cvelist
added 2024/10/04 1:31 p.m. | 16 views

CVE-2024-9514 D-Link DIR-605L formSetDomainFilter buffer overflow

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been declared as critical. This vulnerability affects the function formSetDomainFilter of the file /goform/formSetDomainFilter. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely...

CVSS 9 | EPSS 0.00148
Exploits: 1 | References: 5

Cvelist
added 2024/10/02 12:31 p.m. | 15 views

CVE-2024-9429 code-projects Restaurant Reservation System filter2.php sql injection

A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to sql injection. The attack can be launched remotely...

CVSS 6.5 | EPSS 0.00088
Exploits: 1 | References: 5

NVD
added 2024/10/01 3:15 a.m. | 13 views

CVE-2024-9360

A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit h...

CVSS 9.8 | EPSS 0.00082
Exploits: 1 | References: 5

NVD
added 2024/10/01 2:15 a.m. | 13 views

CVE-2024-9358

A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is...

CVSS 6 | EPSS 0.00137
Exploits: 1 | References: 4

CVE
added 2024/09/29 6:31 a.m. | 46 views

CVE-2024-9323

The CVE-2024-9323 entry concerns SourceCodester Inventory Management System 1.0, where an unknown function in /app/action/add_staff.php is vulnerable to cross-site scripting. The issue can be triggered remotely and the exploit has been disclosed publicly. Multiple connected sources corroborate th...

CVSS 5.4 | AI score 4 | EPSS 0.00131
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2024/09/29 3:15 a.m. | 10 views

CVE-2024-9322

A vulnerability was found in code-projects Supply Chain Management 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/editmanufacturer.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploi...

CVSS 9.8 | EPSS 0.00096
Exploits: 0 | References: 5

NVD
added 2024/09/28 8:15 p.m. | 10 views

CVE-2024-9316

A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /admin/blood/update/B+.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to launch the attack remotely. The...

CVSS 7.5 | EPSS 0.00084
Exploits: 1 | References: 5

NVD
added 2024/09/28 2:15 p.m. | 11 views

CVE-2024-9298

A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /?page=tickets of the component Ticket Handler. The manipulation of the argument id leads to improper access...

CVSS 5.3 | EPSS 0.00083
Exploits: 1 | References: 5

NVD
added 2024/09/28 2:15 p.m. | 11 views

CVE-2024-9299

A vulnerability classified as problematic has been found in SourceCodester Online Railway Reservation System 1.0. This affects an unknown part of the file /?page=reserve. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to initiate th...

CVSS 5.4 | EPSS 0.00128
Exploits: 1 | References: 5

CVE
added 2024/09/28 2:00 p.m. | 37 views

CVE-2024-9299

The CVE-2024-9299 entry concerns SourceCodester Online Railway Reservation System version 1.0. The vulnerability is a cross-site scripting (XSS) flaw arising from manipulation of the First Name/Middle Name/Last Name parameters on the /?page=reserve endpoint. A remote attacker can exploit this, wi...

CVSS 5.4 | AI score 3.9 | EPSS 0.00128
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2024/09/23 1:00 a.m. | 13 views

CVE-2024-9094 code-projects Blood Bank System o-.php sql injection

A vulnerability classified as critical was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /admin/blood/update/o-.php. The manipulation of the argument bloodname leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 6.5 | EPSS 0.00082
Exploits: 1 | References: 5

CVE
added 2024/09/22 10:00 p.m. | 46 views

CVE-2024-9087

CVE-2024-9087 affects code-projects Vehicle Management 1.0; vulnerable component is the /edit1.php script where the parameter sno is not properly validated, enabling SQL injection. Root cause: inadequate input validation leading to data access/alteration via a network-reachable endpoint. Reported...

CVSS 9.8 | AI score 7.7 | EPSS 0.00097
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2024/09/22 10:00 p.m. | 12 views

CVE-2024-9087 code-projects Vehicle Management edit1.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /edit1.php. The manipulation of the argument sno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVSS 7.5 | EPSS 0.00097
Exploits: 1 | References: 5

Cvelist
added 2024/09/22 8:00 a.m. | 17 views

CVE-2024-9082 SourceCodester Online Eyewear Shop User Creation Users.php improper authorization

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save of the component User Creation Handler. The manipulation of the argument Type with the input 1 leads to...

CVSS 6.5 | EPSS 0.00246
Exploits: 1 | References: 5