2494 matches found
CVE-2024-7328
The CVE-2024-7328 entry concerns YouDianCMS version 7. The vulnerability arises from how the file "/t.php?action=phpinfo" is processed, enabling information disclosure. Several connected documents confirm remote feasibility and public disclosure of the exploit, indicating an information disclosur...
CVE-2024-7321
A vulnerability classified as problematic was found in itsourcecode Online Blood Bank Management System 1.0. This vulnerability affects unknown code of the file signup.php of the component User Registration Handler. The manipulation of the argument user leads to cross-site scripting. The attack c...
CVE-2024-7303
The CVE-2024-7303 entry concerns itsourcecode Online Blood Bank Management System v1.0. A cross-site scripting vulnerability exists in the Send Blood Request Page, specifically via manipulation of the Address/bloodgroup argument in /request.php. This can be exploited remotely and the exploit has ...
CVE-2024-7303 itsourcecode Online Blood Bank Management System Send Blood Request Page request.php cross site scripting
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /request.php of the component Send Blood Request Page. The manipulation of the argument Address/bloodgroup leads to cross sit...
CVE-2024-7215
A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Affected by this issue is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hosttime leads to command injection. The attack may be launched remotely. The exploit has...
CVE-2024-7188
A vulnerability was found in Bylancer Quicklancer 2.4. It has been rated as critical. This issue affects some unknown processing of the file /listing of the component GET Parameter Handler. The manipulation of the argument range2 leads to SQL injection. The attack may be initiated remotely. The...
CVE-2024-7183 TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow
A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The...
CVE-2024-7170
The CVE-2024-7170 entry refers to TOTOLINK A3000RU (version 5.9c.5185) with a vulnerability in processing /web_cste/cgi-bin/product.ini that enables use of a hard-coded password. The issue has been disclosed publicly and the vendor did not respond to disclosure. Connected sources corroborate the ...
CVE-2024-7159 TOTOLINK A3600R Telnet Service product.ini hard-coded password
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. It has been rated as critical. This issue affects some unknown processing of the file /webcste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been...
CVE-2024-7080
CVE-2024-7080 affects SourceCodester Insurance Management System 1.0. The vulnerability resides in an unknown function of the file /E-Insurance/, allowing a remote attacker to trigger a direct request. Exploit details have been disclosed publicly (VDB-272365). NVD CVSS3.1 base score is 7.5 (HIGH)...
CVE-2024-6949 Gargaj wuhu path traversal
A vulnerability classified as problematic was found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected by this vulnerability is an unknown functionality of the file /pages.php?edit=News. The manipulation leads to path traversal. The attack can be launched remotely. The exploi...
CVE-2024-6946 Flute CMS list code injection
A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been declared as critical. This vulnerability affects unknown code of the file /admin/pages/list. The manipulation of the argument blocks leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to t...
CVE-2024-6802 SourceCodester Computer Laboratory Management System Master.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=saverecord. The manipulation of the argument id leads to SQL injection. It is possible to launch the atta...
CVE-2024-40630 HEIF Heap OOB Read in OpenImageIO
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input...
CVE-2024-6735 itsourcecode Tailoring Management System setgeneral.php sql injection
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file setgeneral.php. The manipulation of the argument sitename/email/mobile/sms/currency leads to SQL injection. The attack can be initiated...
CVE-2024-6732 SourceCodester Student Study Center Desk Management System Users.php sql injection
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. This vulnerability affects unknown code of the file /sscdms/classes/Users.php?f=save. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotel...
CVE-2024-37932
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation. This issue affects Woocommerce OpenPos: from n/a through 6.4.4...
CVE-2024-37928
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NooTheme Jobmonster allows File Manipulation. This issue affects Jobmonster: from n/a through 4.7.0...
CVE-2024-37932 WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation. This issue affects Woocommerce OpenPos: from n/a through 6.4.4...