CVE-2024-7066

CVE-2024-7066 affects F-logic DataCube3 1.0. The vulnerability resides in the HTTP POST Request Handler, specifically the file /admin/config_time_sync.php, where manipulating the ntp_server argument enables OS command injection. Exploitation can be remote and the exploit has been disclosed public...

LabVantage Solutions LIMS Cross-Site Scripting Vulnerability

LabVantage Solutions LIMS is a laboratory letter management system from LabVantage Solutions, USA. A cross-site scripting vulnerability exists in LabVantage Solutions LIMS version 2017, which stems from the handling of an unknown function for the parameter mode in a file processed by the POST...

SourceCodester Vehicle Management 代码问题漏洞

SourceCodester Vehicle Management is a vehicle management software from SourceCodester, Inc. A code issue exists in the SourceCodester Vehicle Management System up to version 1.0, which is caused by an unknown function in the component HTTP POST Request Handler. that causes unrestricted uploads v...

PT-2024-19014 · Unknown · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /admin/operations/expense category.php, specifically the HTTP POST Reque...

The vulnerability of the do_setNTP() function in the POST Request Handler component of the Trendnet TEW-815DAP router’s microprogramming system allows a attacker to execute arbitrary commands.

The vulnerability of the dosetNTP function in the POST Request Handler component of the Trendnet TEW-815DAP router’s microprogramming system is related to insufficient validation of the NtpDstStart/NtpDstEnd parameter passed in the command. Exploiting this vulnerability could allow a remote...

CVE-2024-1028

A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Post Handler. The manipulation of the argument Description with the input HACKED leads to cross site scripting. T...

CVE-2024-1027

A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this...

CVE-2024-1027

A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this...

PT-2024-16149 · Sourcecodester · Sourcecodester Facebook News Feed Like

Name of the Vulnerable Software and Affected Versions: SourceCodester Facebook News Feed Like version 1.0 Description: A critical issue was found in the Post Handler component, allowing for unrestricted upload. This can be exploited remotely. Recommendations: For version 1.0, consider disabling t...

PT-2024-16155 · Sourcecodester · Sourcecodester Facebook News Feed Like

Name of the Vulnerable Software and Affected Versions: SourceCodester Facebook News Feed Like version 1.0 Description: A vulnerability has been found in the Post Handler component, allowing for cross-site scripting. The issue arises from the manipulation of the Description argument with malicious...

Path traversal

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input...

PT-2024-15635 · Allegro · Allegro Rompager

Name of the Vulnerable Software and Affected Versions: Allegro RomPager version 4.01 Description: A problematic issue was found in the HTTP POST Request Handler component, specifically in the file usertable.htm?action=delete. The manipulation of the username argument leads to cross-site request...

PT-2024-15643 · Cxbsoft · Cxbsoft Post-Office

Name of the Vulnerable Software and Affected Versions: CXBSoft Post-Office versions up to 1.0 Description: A critical issue was found in the HTTP POST Request Handler component, specifically in the file /apps/reg go.php. The manipulation of the username reg argument leads to sql injection. The...

PT-2024-15640 · Unknown · Cxbsoft Url-Shorting

Name of the Vulnerable Software and Affected Versions: CXBSoft Url-shorting versions up to 1.3.1 Description: A critical issue has been found in the processing of the file /admin/pages/update go.php of the component HTTP POST Request Handler. The manipulation of the version argument leads to SQL...

CVE-2024-0496

A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file itemlistedit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated...

CVE-2024-0495

A vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. This vulnerability affects unknown code of the file partysubmit.php of the component HTTP POST Request Handler. The manipulation of the argument partyname leads to sql injection. The attack can be initiat...

PT-2024-15596 · Taokeyun · Taokeyun

Name of the Vulnerable Software and Affected Versions: Taokeyun versions up to 1.0.5 Description: A critical issue has been found, affecting the function login of the file application/index/controller/m/User.php in the HTTP POST Request Handler component. The manipulation of the username argument...

PT-2024-15609 · Unknown · Kashipara Billing

Name of the Vulnerable Software and Affected Versions: Kashipara Billing Software version 1.0 Description: A critical issue was found in the HTTP POST Request Handler component, specifically in the file buyer detail submit.php. The manipulation of the gstn no argument leads to sql injection. This...

CVE-2024-0461

A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to laun...

CVE-2024-0419

A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the...