946 matches found
CVE-2024-4654 BlueNet Technology Clinical Browsing System cloudInterface.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTICODE leads to SQL injection. It is possible to initiate the attack remotely...
CVE-2024-4653
BlueNet Technology Clinical Browsing System 1.2.1 is affected by CVE-2024-4653. The vulnerability targets an unknown functionality in the file /xds/outIndex.php where manipulation of the name parameter enables SQL injection. It can be exploited remotely and a public exploit has been disclosed. No...
CVE-2024-4648
Campcodes Complete Web-Based School Management System v1.0 contains a cross-site scripting (XSS) vulnerability in the /view/student_exam_mark_update_form.php file, triggered by manipulating the std_index parameter. Publicly disclosed exploits indicate remote attack potential. Connected sources co...
CVE-2024-4645 SourceCodester Prison Management System changepassword.php cross site scripting
A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtoldpassword/txtnewpassword/txtconfirmpassword leads to cross-site scripting...
CVE-2024-4589
CVE-2024-4589 affects DedeCMS 5.7, with vulnerability in the file /src/dede/mytag_edit.php leading to cross-site request forgery. The initial descriptions indicate a remote, publicly disclosed exploit and a non-specified impact on confidentiality and integrity, limited to CSRF (I:L) and no availa...
CVE-2024-4586
DedeCMS 5.7 is exposed to a cross-site request forgery in /src/dede/shops_delivery.php. The vulnerability (CSRF) can be triggered remotely and its exploit has been disclosed publicly. No concrete remediation is documented in the provided sources; at least one entry notes that a fix/updated versio...
CVE-2024-4523
CVE-2024-4523 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability arises from cross-site scripting in the year parameter of the file /view/teacher_attendance_history1.php, enabling remote exploitation. Multiple connected sources confirm the issue and its public di...
CVE-2024-4511 Shanghai Sunfull Automation BACnet Server HMI1002-ARM Message buffer overflow
A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. This affects an unknown part of the component Message Handler. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. The...
CVE-2024-4497
A vulnerability was found in Tenda i21 1.0.0.144656. It has been declared as critical. This vulnerability affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to th...
CVE-2024-4495
A vulnerability was found in Tenda i21 1.0.0.144656 and classified as critical. Affected by this issue is the function formWifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the publ...
CVE-2024-4495
CVE-2024-4495 affects Tenda i21 (firmware 1.0.0.14(4656)). The issue is in the function formWifiMacFilterGet, where the index argument can be mishandled, causing a stack-based buffer overflow. Several connected sources confirm that this vulnerability is remotely exploitable, rated high/s...
CVE-2024-3191
A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the...
CVE-2024-4292 Contemporary Controls BASrouter BACnet BASRT-B Device-Communication-Control Service denial of service
A vulnerability classified as critical has been found in Contemporary Controls BASrouter BACnet BASRT-B 2.7.2. Affected is an unknown function of the component Device-Communication-Control Service. The manipulation with the input 55ff0500370015f30104025506110afb7519035d0841e4bece257b6acfc71f lead...
CVE-2024-4257
BlueNet Technology Clinical Browsing System 1.2.1 has a SQL injection vulnerability in an unknown part of the file /xds/deleteStudy.php, caused by manipulating the parameter documentUniqueId. The issue can be triggered remotely and is publicly disclosed per the CVE entry. A remediation is to upd...
CVE-2024-4244
A vulnerability classified as critical was found in Tenda W9 1.0.0.74456. Affected by this vulnerability is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffe...
CVE-2024-4243 Tenda W9 wifiSSIDset formwrlSSIDset stack-based overflow
A vulnerability classified as critical has been found in Tenda W9 1.0.0.74456. Affected is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has be...
CVE-2024-4239
The CVE-2024-4239 vulnerability affects the Tenda AX1806 (version 1.0.0.1) and centers on the function formSetRebootTimer in /goform/SetRebootTimer. The rebootTime argument can cause a stack-based buffer overflow, enabling a remote attacker to potentially execute code or crash the device. Exploit...
CVE-2024-4071
CVE-2024-4071 affects Kashipara Online Furniture Shopping Ecommerce Website version 1.0. The vulnerability is in the prodInfo.php file, where manipulation of the prodId argument leads to SQL injection. An attacker can exploit remotely; public disclosure is noted. Several connected sources confirm...
CVE-2024-4019
A vulnerability classified as critical has been found in Byzoro Smart S80 Management Platform up to 20240411. Affected is an unknown function of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. It is possible to launch the attack remotely. The exploit has...
CVE-2024-3909
A vulnerability classified as critical was found in Tenda AC500 2.0.1.91307. Affected by this vulnerability is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The...