110 matches found
CVE-2024-2485
A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speeddir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit...
CVE-2024-53296
Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...
CVE-2025-0680 New Rock Technologies Cloud Connected Devices has an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability.
Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud...
Advisory ROSA-SA-2025-2551
Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.6.res7 CVE-ID: CVE-2018-20685 BDU-ID: 2019-00773 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the OpenSSH cryptographic security tool is caused by errors in the validation of the scp.c directory name in the scp clien...
CVE-2025-0227
CVE-2025-0227 affects Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). A vulnerability in the file /Logs/Annals/downLoad.html stems from manipulation of the path argument, resulting in information disclosure. The issue can be triggered remotely, and public exploit information exist...
CVE-2024-12926 Codezips Project Management System advanced.php sql injection
A vulnerability classified as critical was found in Codezips Project Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/forms/advanced.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The...
The vulnerability of the dropbearpwd component in the TP-Link TL-WR841N router’s microprogramming software allows an intruder to gain unauthorized access to protected information.
The vulnerability of the dropbearpwd component in the TP-Link TL-WR841N router’s microprogramming software is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the bs_SetLimitCli_info function in the /lib/libshare-0.0.26.so library of the LB-LINK router software allows an attacker to gain full access to the device.
The vulnerability of the bs_SetLimitCli_info function in the /lib/libshare-0.0.26.so file of the LB-LINK router software is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full...
CVE-2023-25544
Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks...
SUSE CVE-2017-10311
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: FTS. Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
The vulnerability of the Slurm resource manager management module, related to deficiencies in authentication procedures, allows attackers to circumvent existing security restrictions.
The vulnerability of the Slurm resource manager is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions from a remote location...
QSAN Storage Manager Link Following Vulnerability
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A security vulnerability exists in QSAN Storage Manager, which can be exploited by remote attackers to create symbolic links and then access arbitrary files...
Orangehrm SQL Injection Vulnerability (CNVD-2021-01999)
Orangehrm is a human resource management system HRM from Orangehrm, USA. The system supports personnel information management, leave management, attendance management and recruitment management. OrangeHRM versions prior to 4.6.0.1 suffer from a SQL injection vulnerability that stems from the...
EUVD-2016-6623
cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transferlicense command...
DansGuardian Webmin Module 0.x Edit.CGI Remote Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9394/info A problem has been identified in the handling of input by scripts packaged with the DansGuardian Webmin Module. Because of this, it is possible for a remote to gain access to potentially sensitive information...
SpecView Web Server Directory Traversal Vulnerability (Jul 2012) - Active Check
SpecView is prone to a directory traversal vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
CVE-2011-3667
CVE-2011-3667 affects Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3. The root cause is that when createemailregexp is not empty, Bugzilla does not properly apply the user_can_create_account setting, allowing remote attacker...
Simple PHP Guestbook 1.0 Administrative Access
Vendor: http://www.simplephpguestbook.com/ Version: 1.0 Tested on: Windows and Linux -------------------------------------- Simple PHP Guestbook Remote Admin Access Exploit Created by Sora + contact: vhr95zw at hotmail.com Description: Simple PHP Guestbook suffers a remote access in the guestboo...
CVE-2008-6767
wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service application outage, via a direct request...
ASPTicker 1.0 - Remote Database Disclosure
ASPTicker 1.0 DD Remote Vuln. ---------------------------------------------------------- Discovered By: ZoRLu msn: [email protected] Home: www.z0rlu.blogspot.com Note: LONELINESS LOST ITS MEANING IN MY LONELINESS : ----------------------------------------------------------- exp for demo: DD...