CVE-2024-7154
The CVE-2024-7154 entry applies to TOTOLINK A3700R with version 9.1.2u.5822_B20200513. Affected is an unknown function in /wizard.html of the Password Reset Handler. The root cause is improper access controls, enabling remote exploitation. Multiple connected sources corroborate this (e.g., Red Ha...
CVE-2024-7151 Tenda O3 setMacFilter fromMacFilterSet stack-based overflow
A vulnerability was found in Tenda O3 1.0.0.102478. It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The...
CVE-2024-7120
The CVE-2024-7120 entry concerns Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 devices (Web Interface, file list_base_config.php). The root cause is improper handling of the template argument, enabling OS command injection with remote access. Impact is remote code execution and potential full control...
Cross-Site Request Forgery in Spina
A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/mediafolders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...
CVE-2024-7080 SourceCodester Insurance Management System direct request
A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /E-Insurance/. The manipulation leads to direct request. The attack can be launched remotely. The exploit has be...
CVE-2024-6962
A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been...
CVE-2024-6963 Tenda O3 formexeCommand stack-based overflow
A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the publi...
CVE-2024-6951
The CVE-2024-6951 entry corresponds to a SQL injection in SourceCodester Simple Online Book Store System 1.0, specifically affecting the admin_delete.php logic where the bookisbn parameter is manipulated. Exploitation can be performed remotely and has been disclosed publicly, with multiple sources assigning...
CVE-2024-6946 Flute CMS list code injection
A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been declared as critical. This vulnerability affects unknown code of the file /admin/pages/list. The manipulation of the argument blocks leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to t...
CVE-2024-6935
Form Tools 3.1.1 is affected by a cross-site scripting vulnerability in the User Settings Page, specifically the /admin/clients/ file. The issue is triggered remotely and has publicly disclosed exploit details. Affected component/URL: /admin/clients/ within Form Tools 3.1.1. Root cause and exact ...
CVE-2024-6903
CVE-2024-6903 affects SourceCodester Record Management System 1.0, with a vulnerability in the file sort1_user.php where manipulating the position argument enables SQL injection. The issue is exploitable remotely, and multiple sources indicate an active exploit/disclosure. Root cause: improper ha...
CVE-2024-6523 ZKTeco BioTime system-group-add cross site scripting
A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the component system-group-add Handler. The manipulation of the argument user with the input alert'XSS' leads to cross site scripting. It is possible to launch the...
CVE-2024-6440
CVE-2024-6440 affects SourceCodester Home Owners Collection Management System 1.0. Affected component: /classes/Master.php?f=delete_category; parameter id manipulation leads to SQL injection. Attack is possible remotely and exploitation has been disclosed publicly. Several connected documents con...
CVE-2024-6414
A vulnerability classified as problematic has been found in Parsec Automation TrakSYS 11.x.x. Affected is an unknown function of the file TS/export/contentpage of the component Export Page. The manipulation of the argument ID leads to direct request. It is possible to launch the attack remotely...
CVE-2024-6374
A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as problematic. This issue affects some unknown processing of the file /subject.php of the component Subject Page. The manipulation of the argument Subject Title/Sybillus Details leads to cross site...
CVE-2024-6275
A vulnerability classified as critical was found in lahirudanushka School Management System 1.0.0/1.0.1. This vulnerability affects unknown code of the file parent.php of the component Parent Page. The manipulation of the argument update leads to sql injection. The attack can be initiated remotel...
CVE-2024-6252 Zorlan SkyCaiji Task cross site scripting
A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Task Handler. The manipulation of the argument onerror leads to cross site scripting. The attack can be launched remotely. The...
CVE-2024-6189 Tenda A301 WifiExtraSet fromSetWirelessRepeat stack-based overflow
A vulnerability was found in Tenda A301 15.13.08.12. It has been classified as critical. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapskcrypto leads to stack-based buffer overflow. It is possible to launch the attack remotel...
CVE-2024-6187
CVE-2024-6187 affects Ruijie RG-UAC 1.0. The vulnerability resides in the file /view/vpn/autovpn/sub_commit.php where manipulation of the key parameter enables remote OS command injection. Exploitation is possible without user interaction and has been disclosed publicly. Several sources refer to...
CVE-2024-6129 spa-cartcms Username login observable behavioral discrepancy
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...