CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2024/01/26 8:8 a.m.•45 views

CVE-2024-0919

CVE-2024-0919 affects TRENDnet TEW-815DAP v1.0.2.0. The vulnerability resides in the POST Request Handler’s do_setNTP function; manipulation of the NtpDstStart/NtpDstEnd parameters enables remote command injection. Public exploit exists. Impact is described as critical. Interim mitigations from P...

9CVSS7.4AI score0.22549EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2024/01/26 8:8 a.m.•13 views

CVE-2024-0919 TRENDnet TEW-815DAP POST Request do_setNTP command injection

9CVSS7.6AI score0.22549EPSS

Cvelist•added 2024/01/26 8:8 a.m.•19 views

CVE-2024-0918 TRENDnet TEW-800MB POST Request os command injection

A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploi...

8.3CVSS7.6AI score0.25438EPSS

Positive Technologies•added 2024/01/26 12:0 a.m.•3 views

PT-2024-1396 · Trendnet · Trendnet Tew-800Mb

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-800MB version 1.0.1.0 Description: A critical issue was found in the component POST Request Handler, where the manipulation of the DeviceURL argument leads to os command injection. This allows an attacker to execute arbitrary...

8.3CVSS8.7AI score0.25438EPSS

Exploits1References8

Positive Technologies•added 2024/01/26 12:0 a.m.•3 views

PT-2024-1397 · Trendnet · Trendnet Tew-822Dre

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-822DRE version 1.03B02 Description: A critical issue affects the file /admin ping.htm of the component POST Request Handler. The manipulation of the ipv4 ping/ipv6 ping argument leads to command injection. This can be initiated...

8.3CVSS7.6AI score0.08648EPSS

Exploits1References7

CVE•added 2024/01/21 8:0 a.m.•111 views

CVE-2024-0769

CVE-2024-0769 corresponds to a path-traversal vulnerability in D-Link DIR-859 routers (affected file: /hedwig.cgi). Connected sources confirm the issue is triggered by manipulating the service argument with ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml, enabling remote access. The affected...

9.8CVSS9.4AI score0.82714EPSS

In wildExploits1References6Affected Software1

NVD•added 2024/01/19 9:15 p.m.•14 views

CVE-2024-0733

A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument datasign leads to sql injection. It is possible to launch the attack remotely. The...

9.8CVSS7.5AI score0.00509EPSS

Prion•added 2024/01/19 9:15 p.m.•18 views

Sql injection

6.5CVSS7.7AI score0.00509EPSS

CVE•added 2024/01/19 8:31 p.m.•66 views

CVE-2024-0733

CVE-2024-0733 affects Smsot up to version 2.12, impacting the HTTP POST Request Handler in /api.php where manipulating the data[sign] parameter enables SQL injection. This is a remote, unauthenticated condition that can compromise confidentiality, integrity, and availability as indicated by CVSS ...

9.8CVSS9.7AI score0.00509EPSS

NVD•added 2024/01/19 4:15 p.m.•9 views

CVE-2024-0718

A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The...

4.8CVSS4AI score0.00494EPSS

OSV•added 2024/01/19 4:15 p.m.•9 views

CVE-2024-0718

4.8CVSS6.2AI score

Positive Technologies•added 2024/01/19 12:0 a.m.•5 views

PT-2024-15777 · Unknown · Liuwy-Dlsdys Zhglxt

Name of the Vulnerable Software and Affected Versions: liuwy-dlsdys zhglxt version 4.7.7 Description: A problematic issue has been found in the HTTP POST Request Handler component, affecting the processing of the file /oa/notify/edit. The manipulation of the notifyTitle argument leads to cross-si...

4.8CVSS4.1AI score0.00494EPSS

Exploits1References8

NVD•added 2024/01/15 2:15 a.m.•8 views

CVE-2024-0530

A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reggo.php of the component HTTP POST Request Handler. The manipulation of the argument usernamereg leads to sql injection. The exploit has...

9.8CVSS6.8AI score0.00607EPSS

NVD•added 2024/01/15 2:15 a.m.•11 views

CVE-2024-0529

A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/loginauth.php of the component HTTP POST Request Handler. The manipulation of the argument usernamelogin leads to sql injection...

9.8CVSS6.9AI score0.00727EPSS

Prion•added 2024/01/15 2:15 a.m.•12 views

Sql injection

5.2CVSS7.6AI score0.00727EPSS

Prion•added 2024/01/15 2:15 a.m.•22 views

Sql injection

5.2CVSS7.5AI score0.00607EPSS

CVE•added 2024/01/15 1:31 a.m.•42 views

CVE-2024-0530

CXBSoft Post-Office ≤1.0 is affected by a SQL injection in the HTTP POST Request Handler (/apps/reg_go.php) via the username_reg parameter. Exploit disclosed publicly; vulnerability details consistently reported across multiple sources. No patch/version fix details provided in the documents. Prac...

9.8CVSS9.5AI score0.00607EPSS