113 matches found
CVE-2024-41366
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php...
CVE-2024-41368
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php...
CVE-2024-41367
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php...
CVE-2024-41369
CVE-2024-41369 affects RPi-Jukebox-RFID v2.7.0, with a remote code execution (RCE) vulnerability exploitable via htdocs\inc.setWifi.php. Connected sources (NVD/Red Hat/CVE records) confirm the RCE via that PHP file, highlighting high impact (C/H/I/A) and network attack vector, with no exploitatio...
CVE-2024-41368
CVE-2024-41368 affects RPi-Jukebox-RFID v2.7.0. The vulnerability is reported as a remote code execution (RCE) via the file path htdocs/inc.setWlanIpMail.php. Documented impact is high confidentiality, integrity, and availability (as per CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) with a netwo...
RPi-Jukebox-RFID Security Vulnerability
RPi-Jukebox-RFID is a contactless jukebox for the Raspberry Pi from the individual developer Micz Flor in Germany. It plays audio files, playlists, podcasts, web streams and Spotify, triggered by RFID cards. A security vulnerability exists in RPi-Jukebox-RFID version v2.7.0, which originates from...
CVE-2024-41369
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php...
CVE-2024-41366
RPi-Jukebox-RFID v2.7.0 is affected by a remote code execution (RCE) vulnerability exploitable via the htdocs\userScripts.php surface. The CVE entry indicates a NETWORK attack vector with no privileges required and no user interaction, yielding a CRITICAL impact (CVSS v3.1: AV:N/AC:L/PR:N/UI:N=S/...
ROS-20240719-02
A vulnerability in the makeHttpRequest function of the htdocs/js/ajaxfunctions.js file of the LDAP web administration tool phpLDAPadmin is related to inconsistent interpretation of HTTP requests. Exploitation of the vulnerability could allow an attacker acting remotely to cause smuggling of http...
Reflected Cross Site Scripting (XSS)
dolibarr/dolibarr is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper input validation in htdocs/compta/paiement/card.php, allowing remote attackers to inject arbitrary web script or HTML via the facid parameter...
CVE-2024-34051
CVE-2024-34051 is a reflected XSS vulnerability in Dolibarr, affecting versions before 19.0.2. The issue resides in the file htdocs/compta/paiement/card.php where the facid parameter can be crafted to inject arbitrary script/HTML. This XSS is consistently described across sources (NVD, Red Hat, U...
CVE-2023-39638
D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbcsystem function at /htdocs/cgibin...
D-Link DIR-859 Command Injection Vulnerability
The D-Link DIR-859 is a wireless router from China-based AUO D-Link. A command injection vulnerability exists in the D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 versions, originating in the lxmldbcsystem function in /htdocs/cgibin...
CVE-2013-10017
A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/saveroles.php. The manipulation of the argument id leads to SQL injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is...
CVE-2013-10018
A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/savecontact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to SQL injectio...
CVE-2013-10016
A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/savetaxes.php. The manipulation of the argument id leads to SQL injection. The patch is named 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is...
CVE-2013-10015
A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/saveContractSignerRole.php. The manipulation of the argument n/v leads to SQL injection. The patch is identified as...