CVE-2024-8129 D-Link DNS-1550-04 HTTP POST Request s3.cgi cgi_s3_modify command injection

A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affecte...

CVE-2024-8128 D-Link DNS-1550-04 HTTP POST Request webfile_mgr.cgi cgi_add_zip command injection

A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Th...

CVE-2024-8127

The CVE-2024-8127 family affects D-Link NAS/DVR devices (DNS-120, DNR-202L, DNS-315L, DNS-320/320L/320LW/321, DNR-322L, DNS-323/325/326/327L, DNR-326, DNS-340L/343/345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04) with a command-injection in the CGI unzip function of /cgi-bin/webfile_mgr.cgi ...

CVE-2024-7707

A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow...

CVE-2024-7158

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnetenabled leads to command...

CVE-2024-7158

CVE-2024-7158 affects TOTOLINK A3100R (v4.1.2cu.5050_B20200504). The vulnerability is in the HTTP POST Request Handler’s setTelnetCfg function (/cgi-bin/cstecgi.cgi): manipulation of the telnet_enabled argument enables command injection. Impact is remote exploitation with potential high severity ...

CVE-2024-7158 TOTOLINK A3100R HTTP POST Request cstecgi.cgi setTelnetCfg command injection

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnetenabled leads to command...

CVE-2024-7066

A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/configtimesync.php of the component HTTP POST Request Handler. The manipulation of the argument ntpserver leads to os command...

CVE-2024-6950

A vulnerability, which was classified as critical, has been found in Prain up to 1.3.0. Affected by this issue is some unknown functionality of the file /?import of the component HTTP POST Request Handler. The manipulation of the argument file leads to code injection. The attack may be launched...

CVE-2024-6950

Prain up to version 1.3.0 is affected by CVE-2024-6950 in the HTTP POST Request Handler’s /?import path. The issue arises from manipulation of the file argument, enabling remote code injection. Exploitation is described as remote and publicly disclosed, with Affected versions up to 1.3.0. The PT-...

PT-2024-37878 · Sourcecodester · Sourcecodester Student Study Center Desk Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Study Center Desk Management System version 1.0 Description: A vulnerability was found in the system, classified as problematic, affecting some unknown functionality of the file /sscdms/classes/Users.php?f=save of the...

CVE-2024-6269

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function getip.addrdetails of the file /view/vpn/autovpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. T...

CVE-2024-6269

CVE-2024-6269 affects Ruijie RG-UAC 1.0. The vulnerability lives in the HTTP POST handler function get_ip.addr_details in /view/vpn/autovpn/sxh_vpnlic.php, where manipulating the indevice argument enables remote command injection. Public exploit information exists. Affected product behavior and r...

CVE-2024-5428

A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function saveproduct of the file /admin/index.php?page=manageproduct of the component HTTP POST Request Handler. The manipulation leads to cross-site reque...

CVE-2024-5145 SourceCodester Vehicle Management System HTTP POST Request newdriver.php unrestricted upload

A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The...

CVE-2024-5145

The CVE-2024-5145 entry refers to SourceCodester Vehicle Management System (up to v1.0) with a flaw in the HTTP POST Request Handler, where manipulating the file parameter in /newdriver.php enables unrestricted uploads. Multiple sources confirm remote feasibility and public disclosure of exploits...

CVE-2024-2910

A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itboxpi/vpnquicksetservice.php?a=setvpn of the component HTTP POST Request Handler. The manipulation of the argument...

CVE-2024-2910

CVE-2024-2910 affects Ruijie RG-EG350 (pre-20240318) in the VPN quick set service. The vulnerable component is the HTTP POST handler function vpnAction in the file /itbox_pi/vpn_quickset_service.php?a=set_vpn. By manipulating arguments ip, port, user, pass, dns, or startIp, an attacker can trigge...

CVE-2024-2909

CVE-2024-2909 affects Ruijie RG-EG350 up to 20240318. The vulnerability resides in the HTTP POST Request Handler function setAction (file /itbox_pi/networksafe.php?a=set) where manipulation of the bandwidth argument enables OS command injection. It can be exploited remotely; multiple sources conf...

GHSA-99WG-VMVQ-2CP5 RaspAP Vulnerable to Code Injection via an Unknown Process in File `includes/provider.php`

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...