943 matches found

CVE | added 2024/03/17 3:31 a.m. | 76 views

CVE-2024-2547

CVE-2024-2547 affects Tenda AC18, version 15.03.05.05, specifically the R7WebsSecurityHandler. The issue is a stack‑based buffer overflow triggered by manipulating the password argument, and the attack is network‑based with the potential for remote exploitation. Publicly disclosed exploit informa...

9 CVSS | 8.9 AI score | 0.00144 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist | added 2024/03/17 1:31 a.m. | 14 views

CVE-2024-2546 Tenda AC18 fromSetWirelessRepeat stack-based overflow

A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapskcrypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has bee...

9 CVSS | 9 AI score | 0.00237 EPSS
Exploits: 0 | References: 3

Vulnrichment | added 2024/03/15 5:0 p.m. | 15 views

CVE-2024-2497 RaspAP raspap-webgui HTTP POST Request provider.php code injection

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

5.8 CVSS | 5.4 AI score | 0.001 EPSS
Exploits: 1 | References: 3

NVD | added 2024/03/15 9:15 a.m. | 10 views

CVE-2024-2488

A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffer overflow. The attack may be initiated remotely. The...

9 CVSS | 8.9 AI score | 0.00136 EPSS
Exploits: 1 | References: 3

NVD | added 2024/03/15 7:15 a.m. | 10 views

CVE-2024-2485

A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speeddir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit...

9 CVSS | 8.8 AI score | 0.00136 EPSS
Exploits: 1 | References: 4

NVD | added 2024/03/15 7:15 a.m. | 11 views

CVE-2024-2482

A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /checkavailability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword lea...

3.7 CVSS | 4.3 AI score | 0.00098 EPSS
Exploits: 1 | References: 3

Vulnrichment | added 2024/03/15 6:31 a.m. | 11 views

CVE-2024-2482 Surya2Developer Hostel Management Service HTTP POST Request check_availability.php observable response discrepancy

A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /checkavailability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword lea...

3.7 CVSS | 6.9 AI score | 0.00098 EPSS
Exploits: 1 | References: 3

NVD | added 2024/03/11 12:15 a.m. | 8 views

CVE-2024-2365

A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with...

4.2 CVSS | 3.8 AI score | 0.00054 EPSS
Exploits: 1 | References: 3

CVE | added 2024/03/10 11:31 p.m. | 75 views

CVE-2024-2365

CVE-2024-2365 (Musicshelf, Android) affects Musicshelf 1.0/1.1. The vulnerability concerns an unknown function in PinningTrustManager.java (SHA-1 Handler) where manipulation could lead to a password hash with insufficient computational effort. Exploitation is described as possible on a physical d...

4.2 CVSS | 3.7 AI score | 0.00054 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

NVD | added 2024/03/10 8:15 a.m. | 10 views

CVE-2024-2353

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.85220230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to OS command injection. The attack may be...

9 CVSS | 9.1 AI score | 0.06265 EPSS
Exploits: 2 | References: 3

Prion | added 2024/03/10 2:16 a.m. | 20 views

Command injection

A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to...

6.5 CVSS | 7.7 AI score | 0.02668 EPSS
Exploits: 1 | References: 5

Prion | added 2024/03/09 10:15 a.m. | 24 views

Buffer overflow

A vulnerability was found in SourceCodester Tourist Reservation System 1.0. It has been declared as critical. This vulnerability affects the function adwritedata of the file System.cpp. The manipulation of the argument adcode leads to buffer overflow. The attack can be initiated remotely. The...

6.5 CVSS | 7.3 AI score | 0.00103 EPSS
Exploits: 0 | References: 3

CVE | added 2024/03/08 11:31 a.m. | 62 views

CVE-2024-2316

CVE-2024-2316 affects Bdtask Hospital AutoManager up to 20240227. The vulnerability is a cross-site request forgery (CSRF) in the Update Bill Page, specifically the /billing/bill/edit/ path, enabling a remote attacker to induce unauthorized actions on behalf of an authenticated user. Public explo...

5 CVSS | 4.7 AI score | 0.00135 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Prion | added 2024/03/08 2:15 a.m. | 23 views

SQL injection

A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component Login Page. The manipulation of the argument useremail leads to SQL injection. The attack may be initiated...

7.5 CVSS | 7.5 AI score | 0.0007 EPSS
Exploits: 0 | References: 3

Prion | added 2024/03/08 2:15 a.m. | 17 views

Improper access control

A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated...

6.5 CVSS | 7.2 AI score | 0.001 EPSS
Exploits: 0 | References: 3

Prion | added 2024/03/08 1:15 a.m. | 15 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Affected is an unknown function of the component OBS Patient/Gynee Prescription. The manipulation of the argument Patient Title/Full Name/Address/Cheif...

3.3 CVSS | 6.5 AI score | 0.00059 EPSS
Exploits: 1 | References: 3

CVE | added 2024/03/08 1:0 a.m. | 57 views

CVE-2024-2281

CVE-2024-2281 affects boyiddha Automated-Mess-Management-System 1.0, specifically the /admin/index.php file in the Setting Handler. The vulnerability enables improper access controls and can be exploited remotely, with multiple sources describing a critical impact and public disclosure. Root caus...

9.8 CVSS | 6.5 AI score | 0.001 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Prion | added 2024/03/04 9:15 p.m. | 31 views

SQL injection

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expensecategory.php of the component HTTP POST Request Handler. The manipulation of the argument status leads...

5.8 CVSS | 5.4 AI score | 0.00049 EPSS
Exploits: 1 | References: 3

CVE | added 2024/03/04 1:0 a.m. | 57 views

CVE-2024-2156

CVE-2024-2156 affects SourceCodester Best POS Management System 1.0. The vulnerability is a SQL injection in an unknown function within admin_class.php, triggered by manipulating the img argument. The issue can be exploited remotely and a public exploit exists. Multiple connected sources corrobor...

9.8 CVSS | 6.8 AI score | 0.00061 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Prion | added 2024/03/03 3:15 p.m. | 12 views

Cross site scripting

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /?p=products. The manipulation of the argument search leads to cross site scripting. The attack can be launch...

4 CVSS | 6.5 AI score | 0.00169 EPSS
Exploits: 1 | References: 3