136 matches found
PT-2024-28408 · Simpcms · Simpcms
Name of the Vulnerable Software and Affected Versions: SimpCMS version 0.1 Description: A cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at the "/admin.php" API endpoint. Recommendations: For...
PT-2024-37650 · Playsms · Playsms
Name of the Vulnerable Software and Affected Versions: playSMS version 1.4.3 Description: A vulnerability was found in the Template Handler component, specifically in the file /index.php?app=main&inc=feature firewall&op=firewall list. The manipulation of the id argument leads to injection. The...
PT-2024-28370 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "/admin/userSys deal.php?mudi=infoSet". This allows for potential unauthorized actions on the affected system. Recommendations: For idccm...
PT-2024-28271 · H3C · H3C Magic R230
Name of the Vulnerable Software and Affected Versions: H3C Magic R230 version V100R002 Description: The issue allows attackers to execute arbitrary commands due to the udpserver opening port 9034. Recommendations: For H3C Magic R230 version V100R002, consider restricting access to port 9034 as a...
PT-2024-4141 · D Link · D-Link Wireless Routers
Name of the Vulnerable Software and Affected Versions: D-Link wireless routers affected versions not specified Description: The issue is related to an undisclosed factory testing backdoor in certain models of D-Link wireless routers. This backdoor allows unauthenticated attackers on the local are...
PT-2024-27688 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.6165 20211012 Description: The issue is related to a stack overflow that occurs via the ssid in the setWiFiGuestCfg function. This allows for potential exploitation. No information is provided about the estimate...
PT-2024-24913 · Unknown · Skybridge Basic Mb-A130 +1
Name of the Vulnerable Software and Affected Versions: SkyBridge MB-A100/MB-A110 versions 4.2.2 and earlier SkyBridge BASIC MB-A130 versions 1.5.5 and earlier Description: The issue is related to improper neutralization of special elements used in a command, also known as 'Command Injection'. Thi...
PT-2024-19664
Name of the Vulnerable Software and Affected Versions Apfloat version 1.10.1 Description A NullPointerException was discovered in Apfloat via the component org.apfloat.internal.DoubleScramble::scrambledouble, int, int. However, the existence of this issue is disputed by multiple third parties due...
PT-2024-23532 · Tenda · Tenda Fh1205
Name of the Vulnerable Software and Affected Versions: Tenda FH1205 version 2.0.0.7775 Description: The issue is a stack overflow vulnerability in the page parameter from the fromAddressNat function. Recommendations: For Tenda FH1205 version 2.0.0.7775, as a temporary workaround, consider...
PT-2024-22434 · Twenty · Twenty
Name of the Vulnerable Software and Affected Versions: Twenty version 0.3.0 Description: The CRM platform is vulnerable to stored cross-site scripting via file upload. A crafted svg file can trigger the execution of the javascript code. Recommendations: For version 0.3.0, consider disabling the...
PT-2024-23100
Name of the Vulnerable Software and Affected Versions Sentrifugo version 3.2 Description The issue is related to a SQL injection vulnerability. It affects the "/sentrifugo/index.php/reports/activitylogreport" API endpoint, specifically the sortby parameter. This could allow a remote user to send ...
PT-2024-22388 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: gpac version 2.3-DEV-rev921-g422b78ecf-master Description: The issue is related to an out of boundary write vulnerability via the swf get string function at scene manager/swf parse.c:325. This vulnerability can be exploited by a remote attack...
PT-2024-22458 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: The issue is a stack overflow vulnerability in the fromAddressNat function, specifically affecting the entrys parameter. Recommendations: For Tenda AC18 version 15.03.05.05, consider restricting...
PT-2024-18424 · Sourcecodester · Sourcecodester Online Job Portal
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Job Portal version 1.0 Description: A vulnerability has been found in the Manage Job Page component, specifically in the file /Employer/ManageJob.php. The manipulation of the Qualification/Description argument leads to...
PT-2024-3899 · Sap · Sap Master Data Governance For Material
Name of the Vulnerable Software and Affected Versions: SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804 Description: The issue is related to the absence of a necessary authorization check for an authenticated user, resulting in escalation of...
PT-2024-17346 · South River · South River Webdrive
Name of the Vulnerable Software and Affected Versions: South River WebDrive version 18.00.5057 Description: A vulnerability was found in the New Secure WebDAV component, which can lead to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the...
PT-2024-20366 · Totolink · Totolink A3300R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: A command injection issue was discovered via the desc parameter in the setWiFiAclRules function. This allows for potential command injection attacks. Recommendations: For TOTOLINK...
PT-2024-1820 · Unknown · Schlix Cms
Name of the Vulnerable Software and Affected Versions: Schlix CMS version 2.2.8-1 Description: The issue is related to an arbitrary file upload vulnerability in the core.mediamanager component of Schlix CMS, which allows remote authenticated attackers to execute arbitrary code and obtain sensitiv...
PT-2024-19481 · Flycms · Flycms
Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: The issue is related to Cross Site Scripting XSS in the email settings of the website settings section. This allows for potential malicious script injection. Recommendations: For FlyCms version 1.0, as a...
PT-2023-32925 · Unknown · Campcodes Online College Library System
Name of the Vulnerable Software and Affected Versions: Campcodes Online College Library System version 1.0 Description: A critical vulnerability was found in the Campcodes Online College Library System. The issue affects an unknown function of the file /admin/category row.php of the component HTT...