CVE-2024-5196
CVE-2024-5196 affects Arris VAP2500 v08.50. A vulnerability in /tools_command.php (parameters cmb_header/txt_command) allows remote command injection. Exploitation is possible remotely; public disclosure noted. No remediation details provided in the supplied documents.
CVE-2024-5193 Ritlabs TinyWeb Server Request crlf injection
A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to CRLF injection. It is possible to initiate the attack remotely. The exploit has been disclosed...
CVE-2024-5106
CVE-2024-5106 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability is a SQL injection in the file /view/student_payment_details3.php, caused by manipulating the index parameter. It is exploitable remotely and an exploit has been disclosed publicly. Various sources ...
CVE-2024-5100 SourceCodester Simple Inventory System tableedit.php sql injection
A vulnerability was found in SourceCodester Simple Inventory System 1.0. It has been classified as critical. This affects an unknown part of the file tableedit.php. The manipulation of the argument from/to leads to SQL injection. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2024-5096
A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This vulnerability affects unknown code of the file /log/wifi.mac of the component MAC Address Handler. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been...
CVE-2024-5095 Victor Zsviot Camera MQTT Packet denial of service
A vulnerability classified as problematic has been found in Victor Zsviot Camera 8.26.31. This affects an unknown part of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public an...
CVE-2024-5043 Emlog Pro setting.php unrestricted upload
A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be...
CVE-2024-4945
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file viewparcel.php. The manipulation of the argument id leads to unrestricted upload. It is possible to launch the attack remotely. The...
CVE-2024-4919 Campcodes Online Examination System addCourseExe.php sql injection
A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. The manipulation of the argument coursename leads to SQL injection. The attack can be initiated...
CVE-2024-4816
CVE-2024-4816 affects Ruijie RG-UAC up to version 20240506. The vulnerability resides in an unknown part of /view/networkConfig/GRE/gre_add_commit.php, where manipulation of the name/remote/local/IP arguments enables OS command injection. Exploitation can be initiated remotely and has public disc...
CVE-2024-4806
CVE-2024-4806 affects Kashipara College Management System 1.0. The vulnerability is a SQL injection in an unknown code path within the file each_extracurricula_activities.php, triggered by manipulating the parameter id. It is a remote attack surface, and the exploit has been publicly disclosed....
CVE-2024-4797
CVE-2024-4797 affects Campcodes Online Laundry Management System 1.0. The vulnerability resides in the /ajax.php endpoint where the arguments name/customer_name/username can be manipulated to trigger cross-site scripting. Exploitation can be performed remotely, and public exploitation informa...
CVE-2024-4794
CVE-2024-4794 affects Campcodes Online Laundry Management System 1.0. Affected is the /manage_receiving.php file where altering the id parameter enables SQL injection. The vulnerability can be exploited remotely and the exploit has been disclosed publicly (VDB-263893). Multiple sources confirm a ...
CVE-2024-4791 Contemporary Control System BASrouter BACnet BASRT-B Application Protocol Data Unit denial of service
A vulnerability classified as critical was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This vulnerability affects unknown code of the component Application Protocol Data Unit. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit h...
CVE-2024-4790
CVE-2024-4790 affects DedeCMS 5.7.114. The vulnerability is a path traversal in /sys_verifies.php?action=view, where an attacker can manipulate the filename parameter with ../../../../../etc/passwd to disclose files (resulting in potential file read). Exploitation can be performed remotely, and d...
CVE-2024-4738
The CVE-2024-4738 entry describes a cross-site scripting (XSS) vulnerability in Campcodes Legal Case Management System 1.0. The issue stems from manipulation of the argument new_client, allowing injected scripts. The attack is reported as remotely executable with public disclosure of the ...
CVE-2024-4677 Campcodes Complete Web-Based School Management System my_student_exam_marks1.php cross site scripting
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/my_student_exam_marks1.php. The manipulation of the argument year leads to cross-site scripting. It is possible to launch t...
CVE-2024-4654 BlueNet Technology Clinical Browsing System cloudInterface.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTICODE leads to SQL injection. It is possible to initiate the attack remotely...
CVE-2024-4653
BlueNet Technology Clinical Browsing System 1.2.1 is affected by CVE-2024-4653. The vulnerability targets an unknown functionality in the file /xds/outIndex.php where manipulation of the name parameter enables SQL injection. It can be exploited remotely and a public exploit has been disclosed. No...
CVE-2024-4648
Campcodes Complete Web-Based School Management System v1.0 contains a cross-site scripting (XSS) vulnerability in the /view/student_exam_mark_update_form.php file, triggered by manipulating the std_index parameter. Publicly disclosed exploits indicate remote attack potential. Connected sources co...