CVE-2023-28760

TP-Link AX1800 WiFi 6 Router Archer AX21 devices allow unauthenticated attackers on the LAN to execute arbitrary code as root via the dbdir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow in...

PT-2006-1803 · Dotproject · Dotproject

Name of the Vulnerable Software and Affected Versions: dotProject versions 2.0.1 and earlier Description: The issue allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error...