Lucene search
K

238 matches found

CVE
CVE
added 2025/01/31 12:0 a.m.674 views

CVE-2024-53584

CVE-2024-53584 pertains to OpenPanel v0.3.4, which contains an OS command injection vulnerability via the timezone parameter . The vulnerability affects the endpoint that handles timezone settings (notably POST /server/timezone), enabling an attacker to inject and execute arbitrary system command...

9.8CVSS7.7AI score0.04108EPSS
Exploits4References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/31 12:0 a.m.9 views

CVE-2024-53584

OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter...

7.6AI score0.04108EPSS
Exploits4References2
Cvelist
Cvelist
added 2025/01/31 12:0 a.m.13 views

CVE-2024-53584

OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter...

0.04108EPSS
Exploits4References2
0day.today
0day.today
added 2025/01/30 12:0 a.m.365 views

OpenPanel 0.3.4 Command Injection Vulnerability

Exploit Title: OpenPanel 0.3.4 - OS Command Injection via The Timezone Parameter Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53584 POST...

9.8CVSS6.8AI score0.04108EPSS
Exploits4
Packet Storm
Packet Storm
added 2025/01/29 12:0 a.m.410 views

OpenPanel 0.3.4 Command Injection

OpenPanel version 0.3.4 suffers from a remote command injection vulnerability via the timezone parameter. Exploit Title: OpenPanel 0.3.4 - OS Command Injection via The Timezone Parameter Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage:...

7.7AI score0.04108EPSS
Exploits4
BDU FSTEC
BDU FSTEC
added 2024/11/20 12:0 a.m.7 views

The vulnerability of the FUN_0044db3c function (/goform/fast_setting_wifi_set) in the Tenda AC10 router’s microprogramming system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the FUN0044db3c function /goform/fastsettingwifiset of the Tenda AC10 router’s microprogramming software is related to buffer overflow in the stack when processing the timeZone parameter. Exploiting this vulnerability can allow an attacker to compromise the confidentiality,...

9CVSS8AI score0.01165EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2024/11/10 12:0 a.m.5 views

Tenda AC10 安全漏洞

The Tenda AC10 is an 11ac dual band router designed for homes with 200 megabit and above fiber. A stack buffer overflow vulnerability exists in the Tenda AC10. The vulnerability stems from a stack-based buffer overflow caused by the parameter timeZone in the FUN0044db3c function of the...

9CVSS7.3AI score0.01165EPSS
Exploits1References1
NVD
NVD
added 2024/04/23 5:15 a.m.30 views

CVE-2024-21511

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...

9.8CVSS9.6AI score0.01025EPSS
Exploits0References4
OSV
OSV
added 2024/04/23 5:15 a.m.17 views

CVE-2024-21511

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...

9.8CVSS7.4AI score
Exploits0References4
Cvelist
Cvelist
added 2024/04/23 5:0 a.m.37 views

CVE-2024-21511

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...

9.8CVSS9.8AI score0.01025EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/23 12:0 a.m.4 views

PT-2024-6583

Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.7 Description: The issue is related to improper sanitization of the timezone parameter in the readCodeFor function, which can lead to Arbitrary Code Injection when calling a native MySQL Server date/time function...

10CVSS8.8AI score0.01025EPSS
Exploits0References11
Snyk
Snyk
added 2024/04/21 11:12 a.m.3 views

Arbitrary Code Injection

Overview mysql2 is a mostly API compatible with mysqljs and supports majority of features. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time...

9.8CVSS7.1AI score0.01025EPSS
Exploits0References2
OSV
OSV
added 2024/04/17 4:15 p.m.4 views

CVE-2024-32320

Tenda AC500 V2.0.1.91307 firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function...

5.9CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2024/04/17 12:0 a.m.10 views

CVE-2024-32320

Tenda AC500 V2.0.1.91307 firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function...

7.3AI score0.00577EPSS
Exploits1References1
CVE
CVE
added 2024/04/17 12:0 a.m.61 views

CVE-2024-32320

The CVE describes a stack overflow in Tenda AC500 firmware (version 2.0.1.9(1307)) triggered by the timeZone parameter in the formSetTimeZone function. Affected component: Tenda AC500 device firmware; root cause: improper handling/validation of the timeZone input leading to stack overflow. Impact...

5.9CVSS7.4AI score0.00577EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.3 views

PT-2024-24508 · Tenda · Tenda Ac500

Name of the Vulnerable Software and Affected Versions: Tenda AC500 version 2.0.1.91307 Description: The issue is a stack overflow vulnerability that can be exploited via the timeZone parameter in the formSetTimeZone function. This allows for potential unauthorized access or control...

5.9CVSS7.3AI score0.00577EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2023/12/04 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-28343

OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/settimezone timezone parameter, because of settimezone in models/managementmodel.php...

9.8CVSS7.3AI score0.85332EPSS
Exploits5References1
ATTACKERKB
ATTACKERKB
added 2023/09/27 3:19 p.m.4 views

CVE-2023-44017

Tenda AC10U v1.0 USAC10UV1.0RTLV15.03.06.49multiTDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function...

9.8CVSS5.9AI score0.0091EPSS
Exploits0References2
NVD
NVD
added 2023/09/27 3:19 p.m.24 views

CVE-2023-44017

Tenda AC10U v1.0 USAC10UV1.0RTLV15.03.06.49multiTDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function...

9.8CVSS9.7AI score0.0091EPSS
Exploits0References1
OSV
OSV
added 2023/09/27 3:19 p.m.4 views

CVE-2023-44017

Tenda AC10U v1.0 USAC10UV1.0RTLV15.03.06.49multiTDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function...

9.8CVSS5.9AI score0.0091EPSS
Exploits0References1
Rows per page
Query Builder