21 matches found

NVD
added 2024/09/03 2:15 p.m., 13 views

CVE-2024-4259

Missing Authorization vulnerability in SAMPAŞ Holding AKOS AkosCepVatandasService, SAMPAŞ Holding AKOS TahsilatService allows Collect Data as Provided by Users. This issue affects AKOS AkosCepVatandasService: before V2.0; AKOS TahsilatService: before V1.0.7...

9.8 CVSS, 0.00119 EPSS
Exploits: 0, References: 2
CVE
added 2024/08/05 12:00 a.m., 51 views

CVE-2024-7462

CVE-2024-7462 affects TOTOLINK N350RT (firmware 9.3.5u.6139_B20201216). The vulnerability resides in the cstecgi.cgi script’s setWizardCfg function; manipulating the ssid parameter can trigger a buffer overflow. Exploitation is remote-capable and the exploit has been disclosed publicly. Multiple ...

9.8 CVSS, 8.9 AI score, 0.00296 EPSS
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2024/05/13 12:31 p.m., 16 views

CVE-2024-4816 Ruijie RG-UAC gre_add_commit.php os command injection

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240506. This affects an unknown part of the file /view/networkConfig/GRE/gre_add_commit.php. The manipulation of the argument name/remote/local/IP leads to os command injection. It is possible to initiate the atta...

6.5 CVSS, 7.1 AI score, 0.01815 EPSS
Exploits: 0, References: 4
CVE
added 2024/05/07 2:00 p.m., 81 views

CVE-2024-4592

CVE-2024-4592 affects DedeCMS 5.7, specifically the /src/dede/sys_group_edit.php file. The vulnerability is a cross-site request forgery (CSRF) in unknown code paths, with remote initiation and public disclosure of the exploit. Multiple connected sources corroborate the affected software/version ...

5 CVSS, 6.7 AI score, 0.00138 EPSS
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2024/04/02 11:15 p.m., 8 views

CVE-2024-3207

A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been declared as critical. This vulnerability affects the function ReadUnsigned of the file src/Simd/SimdMemoryStream.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be...

9.8 CVSS, 5.6 AI score, 0.00207 EPSS
Exploits: 1, References: 4
Prion
added 2024/01/15 12:15 a.m., 18 views

Sql injection

A vulnerability was found in CXBSoft Url-shorting up to 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument url leads to sql injection. The exploit has been disclosed to the public and may be used...

5.2 CVSS, 7.5 AI score, 0.00053 EPSS
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2023/12/24 11:15 p.m., 11 views

Cross site request forgery (csrf)

A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /boaform/wlanbasicset.cgi of the component Admin Web Interface. The manipulation of the argument wlanssid/password leads to cross-site request forgery. The...

5 CVSS, 6.9 AI score, 0.00158 EPSS
Exploits: 1, References: 3, Affected Software: 1
NVD
added 2023/09/27 3:19 p.m., 11 views

CVE-2023-5222

A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been...

9.8 CVSS, 7.1 AI score, 0.90561 EPSS
Exploits: 4, References: 3
Prion
added 2023/08/05 2:15 p.m., 22 views

Sql injection

A vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown part of the file general/system/sealmanage/iweboffice/deleteseal.php. The manipulation of the argument DELETESTR leads to sql injection. The exploit has been disclosed to the public and may be used...

5.2 CVSS, 9.7 AI score, 0.88667 EPSS
Exploits: 1, References: 3, Affected Software: 1
Vulnrichment
added 2023/08/03 2:31 a.m., 11 views

CVE-2023-4110 PHP Jabbers Availability Booking Calendar index.php cross site scripting

A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument sessionid leads to cross site scripting. The attack can be launched...

4 CVSS, 6.2 AI score, 0.06662 EPSS
Exploits: 2, References: 3
Prion
added 2023/06/28 6:15 p.m., 23 views

Sql injection

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function actionExport of the file ?r=recruit/interview/export&interviews=x of the component Interview Management Export. The manipulation of the argument interviews leads to sql injection. T...

5.2 CVSS, 7.2 AI score, 0.00237 EPSS
Exploits: 1, References: 3, Affected Software: 1
exploitpack
added 2019/01/16 12:00 a.m., 31 views

ShoreTel Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution

ShoreTel Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution Exploit Title: ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution Google Dork: +"Public" +"My Conferences" +"Personal Library" +"My Profile" +19.49.5200.0 Date: 01-01-2019 Exploit Author: twosevenzero Vendor Homepage:...

10 CVSS, 0.2 AI score, 0.32341 EPSS
Exploits: 4
Exploit DB
added 2018/06/05 12:00 a.m., 40 views

10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH)

Exploit Title: 10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow SEH Exploit Author: Hashim Jawad - ihack4falafelx Date: 2018-06-05 Vendor Homepage: https://www.10-strike.com/ Vulnerable Software:...

7.4 AI score
Exploits: 0
Packet Storm
added 2017/06/14 12:00 a.m., 47 views

Alio Applicant Portal 6.0 SQL Injection

0.3 AI score
Exploits: 0
0day.today
added 2014/06/03 12:00 a.m., 43 views

Xilisoft Video Converter Ultimate Dll Hijacking Exploit (quserex.dll)

Exploit for windows platform in category dos / poc / Title: Xilisoft Video Converter Ultimate Dll Hijacking Exploit quserex.dll Version: 7.8.1 build-20140505 Previous versions might be vulnerable Tested on: Windows XP SP2 en Vendor: http://www.xilisoft.com/ Software Link:...

7.6 AI score, 0.00139 EPSS
Exploits: 3
securityvulns
added 2014/05/05 12:00 a.m., 51 views

Synology DSM4 Blind SQL Injection

Title: Synology DSM Blind SQL Injection Version affected: = 4.3-3827 Vendor: Synology Discovered by: Michael Wisniewski Status: Patched The file "/photo/include/blog/article.php" contains a Blind SQL Injection Vulnerability in the 'value' variable in the URL. The vendor was contacted approximatel...

7.7 AI score
Exploits: 0
exploitpack
added 2013/11/22 12:00 a.m., 9 views

Light Alloy 4.7.3 - .m3u Local Buffer Overflow (SEH Unicode)

Light Alloy 4.7.3 - .m3u Local Buffer Overflow SEH Unicode !/usr/bin/perl Exploit Title: Light Alloy 4.7.3 .m3u - SEH Buffer Overflow Unicode Date: 11-18-2013 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software: Light Alloy v4.7.3 Vendor Site: http://www.light-alloy.ru/...

7.4 AI score
Exploits: 0
Exploit DB
added 2012/04/13 12:00 a.m., 22 views

Ushahidi 2.2 - Multiple Vulnerabilities

Exploit Title: Ushahidi 2.2 Multiple Vulnerabilites Date: 04/12/2012 Author: shpendk Software Link: http://download.ushahidi.com/ Version: 2.2 Tested on: Xampp on Windows Vendor Contact: 03/25/2012 - Contacted again: 03/28/2012 - No Response yet: 04/11/2012 - Full Disclosure: 04/12/2012 1 CSRF Ad...

7 AI score
Exploits: 0
exploitpack
added 2009/11/03 12:00 a.m., 20 views

Xerox Fiery Webtools - SQL Injection

Xerox Fiery Webtools - SQL Injection Hello, I am from Portugal and I would like to report a new vulnerability in Xerox Fiery Webtools. The problem is in /wt3/ summary.php?select= if you and ' you have the possibility to exploit this condition to inject SQL code. Already have contact the vendor be...

0.4 AI score
Exploits: 0
seebug.org
added 2007/06/30 12:00 a.m., 23 views

W3Filer 2.1.3 Remote Stack Overflow PoC

No description provided by source. / W3Filer Buffer Overflow Vulnerability DoS POC r0ut3r writ3r at gmail.com Version: 2.1.3 Description: If the client receives a large banner when attempting to send a file the application will freeze, resulting in the user having to kill the application...

7.1 AI score
Exploits: 0