CVE-2025-1105

SiberianCMS 4.20.6 is affected by CVE-2025-1105 due to an issue in the HTTP GET Request Handler: the file /app/sae/design/desktop/flat can be manipulated to trigger cross-site scripting. The vulnerability arises from an unknown functionality in that handler, with remote exploitation and public di...

CVE-2024-1197

A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql...

CVE-2024-10916

CVE-2024-10916 affects D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. The issue resides in the HTTP GET Request Handler’s /xml/info.xml, where an improper handling allows remote information disclosure. Public exploit information exists, enabling remote initiation without user int...

CVE-2024-6746

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...

CVE-2024-6746

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...

CVE-2024-6746

NaiboWang EasySpider 0.6.2 on Windows has a path-traversal vulnerability in the HTTP GET Request Handler (server.js) that allows reading arbitrary Windows files via input like /../../../../../../../../../Windows/win.ini. Exploitation is possible within a local network, and public disclosure has o...

CVE-2024-3274

UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation...

CVE-2024-3273

Affected products: D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L NAS devices (firmware up to 2024-04-03). Vulnerability: Command injection in the HTTP GET Request Handler, exploiting the "/cgi-bin/nas_sharing.cgi" component via manipulation of system arguments. Impact: Remote code execution al...

CVE-2024-3273

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...

Sql injection

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/managecategory.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql...

Sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql...

CVE-2024-0885

A vulnerability classified as problematic has been found in SpyCamLizard 1.230. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

CVE-2024-0717

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853,...

CVE-2024-0717

Affects a wide range of D-Link devices (e.g., DAP-1360, DIR-300, DIR-615, DIR-620, DVG-series, Good Line Router v2, and others) with the vulnerability residing in the HTTP GET Request Handler for /devinfo. The underlying issue is improper handling of the area parameter, where input such as notice...

CVE-2024-0695

A vulnerability, which was classified as problematic, has been found in EFS Easy Chat Server 3.1. Affected by this issue is some unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument USERNAME leads to denial of service. The attack may be launched...

CVE-2024-0695

A vulnerability, which was classified as problematic, has been found in EFS Easy Chat Server 3.1. Affected by this issue is some unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument USERNAME leads to denial of service. The attack may be launched...

CVE-2024-0695

CVE-2024-0695 affects EFS Easy Chat Server 3.1. The vulnerability resides in the HTTP GET Request Handler, where manipulating the USERNAME argument causes a remote denial of service. Exploitation is possible remotely and the exploit has been disclosed publicly. Connected sources consistently desc...

Efs Software EFS Easy Chat Server Security Vulnerability

Efs Software EFS Easy Chat Server is a suite of online chat server software from the Dutch company Efs Software. A security vulnerability exists in EFS Easy Chat Server version 3.1 due to a denial of service DOS vulnerability in the parameter USERNAME of the component HTTP GET Request Handler...

CVE-2024-0464

A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file deletefaculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the...

Sql injection

A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file deletefaculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the...