Out-of-bounds

A vulnerability has been found in Beijing Baichuo Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument fileupload leads to unrestricted upload. The attack can be initiat...

CVE-2024-0941 Novel-Plus list sql injection

A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier...

Stack overflow

A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49multiTDE01. This issue affects the function setSmartPowerManagement. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been...

CVE-2024-0931 Tenda AC10U saveParentControlInfo stack-based overflow

A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49multiTDE01. This vulnerability affects the function saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has bee...

CVE-2024-0928

A vulnerability was found in Tenda AC10U 15.03.06.49multiTDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit h...

Stack overflow

A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49multiTDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapskcrypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

Stack overflow

A vulnerability has been found in Tenda AC10U 15.03.06.49multiTDE01 and classified as critical. This vulnerability affects the function formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclos...

Stack overflow

A vulnerability was found in Tenda AC10U 15.03.06.49multiTDE01 and classified as critical. This issue affects the function formWifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the publi...

Stack overflow

A vulnerability was found in Tenda AC10U 15.03.06.49multiTDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit ha...

CVE-2024-0926 Tenda AC10U formWifiWpsOOB stack-based overflow

A vulnerability was found in Tenda AC10U 15.03.06.49multiTDE01 and classified as critical. This issue affects the function formWifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the publi...

Command injection

A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploi...

Cross site scripting

A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input alertdocument.cookie leads to cross site scripting. The attack can be launched remotely...

CVE-2024-0888

A vulnerability, which was classified as problematic, was found in BORGChat 1.0.0 Build 438. This affects an unknown part of the component Service Port 7551. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...

CVE-2024-0782

A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be...

Memory corruption

A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attac...

CVE-2024-0737

A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the...

CVE-2024-0737

CVE-2024-0737 affects Xlightftpd Xlight FTP Server 1.1, specifically the Login component where manipulating the user argument can cause a remote denial of service. Public disclosures (including Exploit-DB/PacketStorm entries) indicate an attacker can trigger the issue remotely; exploitation activ...

CVE-2024-0737 Xlightftpd Xlight FTP Server Login denial of service

A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the...

CVE-2024-0736

A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to t...

Sql injection

A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file courseajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...