21 matches found
Student Record System admin-profile.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the adminname and aemailid parameters of admin-profile.php. An attacker can exploit this vulnerability t...
Tenda AX3 saveParentControlInfo function stack buffer overflow vulnerability
Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports the Wi-Fi 6 (802.11ax) standard and focuses on high-performance network coverage and stable connections. The Tenda AX3 suffers from a stack buffer overflow vulnerability, which stems from the deviceId parameter of t...
Online Event Judging System action.php File SQL Injection Vulnerability
Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements in the parameter content in the file /ajax/action.php. An attacker can exploit...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24263)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq
This repository contains a collection of proof-of-concept (PoC) exploits and tools for various vulnerabilities. The exploits are categorized by the affected product or framework, and the vulnerability class/vector is also identified. The PoCs are: 1. ActiveMQ/ActiveMQExP.py: This is a PoC exploit f...
Huawei EMUI/HarmonyOS Out-of-Bounds Write Vulnerability
Huawei EMUI and Huawei HarmonyOS are both products of Huawei. EMUI is a mobile operating system based on Android, and HarmonyOS is a distributed operating system developed by Huawei for all scenarios, aiming at realizing intelligent interconnection and resource sharing among people, devices, an...
Shenzhen Xunlei.com Culture Co., Ltd. Light Viewer Heap Out-of-Bounds Write Vulnerability
Light Viewer is a professional image viewing software. A heap out-of-bounds write vulnerability exists in Light Viewer from Shenzhen Xunlei.com Culture Co., Ltd. An attacker can exploit this vulnerability to cause the software to crash...
GROWCHAIN Number Error Vulnerability
GROWCHAIN GROW is an Ethereum-based digital currency. An integer overflow vulnerability exists in the 'sell' function in GROW's smart contract implementation. A remote attacker could exploit this vulnerability to set a user's balance to an arbitrary value...
Logic Flaw Vulnerability in HashHeroes Tiles
A security vulnerability exists in the 'determineWinner' function in the smart contract implementation of HashHeroes Tiles, an Ethereum-based guessing game. An attacker could exploit this vulnerability to control the awarding of prizes by being the last user to make a purchase...
Polycom HDX Operating System Command Injection Vulnerability
Polycom HDX is a high-definition video conferencing system from Polycom. A security vulnerability exists in Polycom HDX. An attacker could exploit the vulnerability to execute system commands with root privileges...
IBM Robotic Process Automation with Automation Anywhere Information Disclosure Vulnerability (CNVD-2018-22535)
IBM Robotic Process Automation with Automation Anywhere is a process automation solution developed by IBM USA and Automation Anywhere. A security vulnerability exists in IBM Robotic Process Automation with Automation Anywhere version 11.0. An attacker could exploit the vulnerability to obtain...
SquirrelMail Cross-Site Scripting Vulnerability (CNVD-2019-19610)
SquirrelMail is a cross-platform webmail system developed in PHP4. A cross-site scripting vulnerability exists in the email message display page of SquirrelMail 1.4.22 and earlier versions, which can be exploited by remote attackers to inject malicious scripts into a web page and...
D-Link DSL-3782 Buffer Overflow Vulnerability (CNVD-2018-09182)
The D-Link DSL-3782 is a wireless router product from AUO D-Link. A buffer overflow vulnerability exists in the /userfs/bin/tcapi binary in the D-Link DSL-3782. An attacker could exploit this vulnerability to cause memory corruption, potentially redirect program flow, and execute arbitrary code...
Unspecified Vulnerability in Oracle Java SE and Java SE Embedded (CNVD-2017-33939)
Java SE is short for Java Platform Standard Edition, used to develop and deploy Java applications for desktop, server, embedded-device and real-time environments. Java SE Embedded is based on Java SE, and provides specific features and support for embedded systems. A security...
Xen 'xen/arch/arm/gic.c' Denial of Service Vulnerability
Xen is an open source virtual machine monitor product developed at the University of Cambridge in the United Kingdom. Xen has a security vulnerability that an attacker could exploit to crash the system by submitting a special request...
EasyCom For PHP Buffer Overflow Vulnerability
EasyCom is a solution for developing and deploying applications across all platforms. A buffer overflow vulnerability exists in the EasyCom PHP API. An attacker could exploit this vulnerability to execute arbitrary code on an affected system...
Popcorn Time DLL Hijacking Vulnerability
Popcorn Time is an open source movie player that plays HD movies directly from cloud servers via seed files. A DLL hijacking vulnerability exists in Popcorn Time version 5.6, which can be exploited by local attackers to inject code or gain advanced access...
QEMU '/hw/display/virtio-gpu-3d.c' denial of service vulnerability
QEMU (Quick Emulator) is processor emulation software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A denial of service vulnerability exists in the file /hw/display/virtio-gpu-3d.c in QEMU. An attacker can exploit this vulnerability to cause ...
Oracle Siebel CRM Siebel Core - Server Framework component has an unspecified vulnerability (CNVD-2016-05483)
Oracle Siebel CRM is a set of customer relationship management solutions from Oracle Corporation of the United States, which includes sales management, marketing management, customer service systems, call centers and other modules. Siebel Core - Server Framework is one of the server framework component...
Multiple Generic Vulnerabilities in the Special Equipment Inspection Management System of Tronda Electronics Co., Ltd.
Tronda Electronics Co., Ltd. is a business dealing in camera accessories. A file read and SQL injection vulnerability exists in the Special Equipment Inspection Management System of Tronda Electronics Co., Ltd., allowing attackers to use common SQL injection tools to obtain sensitive database...