CVE-2024-7614
CVE-2024-7614 affects Tenda FH1206 1.2.0.8(8155). The vulnerability is in the function fromqossetting of the file /goform/qossetting, where manipulating the argument page causes a stack-based buffer overflow. This can be exploited remotely. Public disclosure exists. A practical workaround from PT...
CVE-2024-7581 Tenda A301 WifiBasicSet formWifiBasicSet stack-based overflow
A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit...
CVE-2024-7552
A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of...
CVE-2024-7551
A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploi...
CVE-2024-7496 itsourcecode Airline Reservation System index.php file inclusion
A vulnerability has been found in itsourcecode Airline Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack can be initiated remotely. The exploit has been...
CVE-2024-7462
CVE-2024-7462 affects TOTOLINK N350RT (firmware 9.3.5u.6139_B20201216). The vulnerability resides in the cstecgi.cgi script’s setWizardCfg function; manipulating the ssid parameter can trigger a buffer overflow. Exploitation is remote-capable and the exploit has been disclosed publicly. Multiple ...
CVE-2024-7450
A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resumeupload.php of the component Image Handler. The manipulation of the argument fileToUpload leads to unrestricted...
CVE-2024-7445
A vulnerability, which was classified as critical, has been found in itsourcecode Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file checkoutticketsave.php. The manipulation of the argument data leads to sql injection. The attack may be launched...
CVE-2024-7373
A vulnerability classified as critical has been found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=loadanswered. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit...
CVE-2024-7368
A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /ajax.php?action=save_quiz. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely...
CVE-2024-7368
CVE-2024-7368 affects SourceCodester Simple Realtime Quiz System 1.0 in the /ajax.php?action=save_quiz endpoint. The vulnerability arises from manipulating the title parameter, enabling cross-site scripting (XSS). The issue can be exploited remotely and is publicly disclosed. Exploit details are ...
CVE-2024-7309
A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. This affects an unknown part of the file entry.php. The manipulation of the argument school leads to cross site scripting. It is possible to initiate the attack remotely. The exploit h...
CVE-2024-7278
CVE-2024-7278 affects itsourcecode’s Alton Management System 1.0. The vulnerability is a SQL injection caused by improper handling of the team parameter in the file /admin/team_save.php, enabling remote exploitation. Multiple sources confirm the issue and public disclosure of the exploit. The imp...
CVE-2024-7218
A flaw has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=savestudent. Manipulation of the argument Name can lead to cross site scripting. The attack may be performed remotely. The exploit ha...
CVE-2024-7216 TOTOLINK LR1200 shadow.sample hard-coded password
A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is said to be...
CVE-2024-7184
A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182B20201102 and classified as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely...
CVE-2024-7183 TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow
A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The...
CVE-2024-7161
A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newpwd/newpwd2 leads to cross-site request forgery...
CVE-2024-7160
The CVE-2024-7160 entry concerns TOTOLINK A3700R (version 9.1.2u.5822_B20200513). It affects the function setWanCfg in /cgi-bin/cstecgi.cgi; manipulating the hostName parameter leads to command injection. Exploitation is described as remote with public disclosure. Multiple connected references corro...