238 matches found
CVE-2024-53584
CVE-2024-53584 pertains to OpenPanel v0.3.4, which contains an OS command injection vulnerability via the timezone parameter . The vulnerability affects the endpoint that handles timezone settings (notably POST /server/timezone), enabling an attacker to inject and execute arbitrary system command...
CVE-2024-53584
OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter...
CVE-2024-53584
OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter...
OpenPanel 0.3.4 Command Injection Vulnerability
Exploit Title: OpenPanel 0.3.4 - OS Command Injection via The Timezone Parameter Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53584 POST...
OpenPanel 0.3.4 Command Injection
OpenPanel version 0.3.4 suffers from a remote command injection vulnerability via the timezone parameter. Exploit Title: OpenPanel 0.3.4 - OS Command Injection via The Timezone Parameter Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage:...
The vulnerability of the FUN_0044db3c function (/goform/fast_setting_wifi_set) in the Tenda AC10 router’s microprogramming system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the FUN0044db3c function /goform/fastsettingwifiset of the Tenda AC10 router’s microprogramming software is related to buffer overflow in the stack when processing the timeZone parameter. Exploiting this vulnerability can allow an attacker to compromise the confidentiality,...
Tenda AC10 安全漏洞
The Tenda AC10 is an 11ac dual band router designed for homes with 200 megabit and above fiber. A stack buffer overflow vulnerability exists in the Tenda AC10. The vulnerability stems from a stack-based buffer overflow caused by the parameter timeZone in the FUN0044db3c function of the...
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
PT-2024-6583
Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.7 Description: The issue is related to improper sanitization of the timezone parameter in the readCodeFor function, which can lead to Arbitrary Code Injection when calling a native MySQL Server date/time function...
Arbitrary Code Injection
Overview mysql2 is a mostly API compatible with mysqljs and supports majority of features. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time...
CVE-2024-32320
Tenda AC500 V2.0.1.91307 firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function...
CVE-2024-32320
Tenda AC500 V2.0.1.91307 firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function...
CVE-2024-32320
The CVE describes a stack overflow in Tenda AC500 firmware (version 2.0.1.9(1307)) triggered by the timeZone parameter in the formSetTimeZone function. Affected component: Tenda AC500 device firmware; root cause: improper handling/validation of the timeZone input leading to stack overflow. Impact...
PT-2024-24508 · Tenda · Tenda Ac500
Name of the Vulnerable Software and Affected Versions: Tenda AC500 version 2.0.1.91307 Description: The issue is a stack overflow vulnerability that can be exploited via the timeZone parameter in the formSetTimeZone function. This allows for potential unauthorized access or control...
VulnCheck KEV: CVE-2023-28343
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/settimezone timezone parameter, because of settimezone in models/managementmodel.php...
CVE-2023-44017
Tenda AC10U v1.0 USAC10UV1.0RTLV15.03.06.49multiTDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function...
CVE-2023-44017
Tenda AC10U v1.0 USAC10UV1.0RTLV15.03.06.49multiTDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function...
CVE-2023-44017
Tenda AC10U v1.0 USAC10UV1.0RTLV15.03.06.49multiTDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function...