23 matches found

NVD
added 2024/11/25 6:15 a.m., 16 views

CVE-2024-11658

A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/network/ajaxgetChannelList. The manipulation of the argument countryCode leads to command...

CVSS 7.2 | EPSS 0.27816
Exploits: 1 | References: 4

NVD
added 2024/10/25 11:15 a.m., 11 views

CVE-2024-10377

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. This issue affects the function actionPassDecryptApplication1 of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be initiate...

CVSS 9.8 | EPSS 0.00673
Exploits: 1 | References: 4

CVE
added 2024/05/04 11:31 p.m., 56 views

CVE-2024-4491

CVE-2024-4491 affects Tenda i21 1.0.0.14(4656). The vulnerability is in the function formGetDiagnoseInfo, where improper validation of the cmdinput parameter leads to a stack-based buffer overflow. It can be triggered remotely, and the exploit has been publicly disclosed. Reported impacts include...

CVSS 9 | AI score 6.9 | EPSS 0.01453
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2024/04/24 3:31 p.m., 52 views

CVE-2024-4115

The CVE-2024-4115 entry concerns Tenda W15E firmware 15.11.0.14. A stack-based buffer overflow is triggered via the DnsForwardRule parameter in the /goform/AddDnsForward endpoint, specifically in the formAddDnsForward function. This vulnerability can be exploited remotely and has public exploit i...

CVSS 9 | AI score 6.9 | EPSS 0.01684
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2024/04/17 12:00 p.m., 79 views

CVE-2024-3910

CVE-2024-3910 affects Tenda AC500 2.0.1.9(1307). The flaw is in the fromDhcpListClient function (file /goform/DhcpListClient) where manipulating the page parameter causes a stack-based buffer overflow. Impact is described as remote code execution with high severity/impact across confidentiality, ...

CVSS 9 | AI score 8.7 | EPSS 0.0173
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2024/03/28 2:31 p.m., 111 views

CVE-2024-3039

Affected software: Shanghai Brad Technology BladeX 3.4.0. Vulnerable component: API endpoint /api/blade-user/export-user. Root cause: SQL injection via input manipulation using updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1). Impact: potential remote exploitation allowing unauthorized access or d...

CVSS 9.8 | AI score 6.8 | EPSS 0.00698
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2024/03/26 8:00 p.m., 59 views

CVE-2024-2902

CVE-2024-2902 affects Tenda AC7 firmware version 15.03.06.44. The vulnerability is in the function fromSetWifiGusetBasic within /goform/WifiGuestSet, where manipulating the shareSpeed argument causes a stack-based buffer overflow. Exploitation can be performed remotely and the vulnerability has b...

CVSS 9 | AI score 8.9 | EPSS 0.01755
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2024/03/26 6:31 p.m., 66 views

CVE-2024-2898

CVE-2024-2898 affects Tenda AC7 15.03.06.44. The vulnerability is a stack-based buffer overflow in fromSetRouteStatic (file /goform/SetStaticRouteCfg) caused by manipulation of the list argument. It can be exploited remotely and has public exploit/public disclosure. Remediation/patch details are ...

CVSS 9 | AI score 8.9 | EPSS 0.01683
Exploits: 1 | References: 4 | Affected Software: 1

Prion
added 2024/02/21 4:15 p.m., 17 views

Improper access control

A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been...

CVSS 5 | AI score 7 | EPSS 0.00808
Exploits: 1 | References: 3

Prion
added 2024/02/02 10:15 p.m., 20 views

Design/Logic Flaw

A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally...

CVSS 4.6 | AI score 7.1 | EPSS 0.00255
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2024/01/29 1:15 a.m., 22 views

Path traversal

A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function delsndb of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: '../filedir'. T...

CVSS 4.8 | AI score 7 | EPSS 0.01162
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2024/01/26 8:15 p.m., 21 views

Design/Logic Flaw

A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attac...

CVSS 2.6 | AI score 6.9 | EPSS 0.00591
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2024/01/18 11:15 p.m., 18 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in AtroCore AtroPIM 1.8.4. This affects an unknown part of the file /ProductSerie/view/ of the component Product Series Overview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 4 | AI score 6.3 | EPSS 0.00514
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2024/01/16 4:00 p.m., 28 views

CVE-2024-0578 Totolink LR1200GB cstecgi.cgi UploadCustomModule stack-based overflow

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619B20230130. Affected is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to stack-based buffer overflow. It is possible to launch the attack remotely...

CVSS 9 | AI score 9.8 | EPSS 0.01065
Exploits: 0 | References: 3

Vulnrichment
added 2023/12/08 3:31 p.m., 14 views

CVE-2023-6612 Totolink X5000R cstecgi.cgi setWizardCfg os command injection

A vulnerability was found in Totolink X5000R 9.1.0cu.2300B20230112. It has been rated as critical. This issue affects the function...

CVSS 5.5 | AI score 7.3 | EPSS 0.30683
Exploits: 2 | References: 3

Prion
added 2023/09/01 6:15 p.m., 14 views

Cross site scripting

A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been declared as problematic. This vulnerability affects unknown code of the file /collection/all. The manipulation of the argument q leads to cross site scripting. The attack can be initiated remotely. VDB-238570 is the identifier...

CVSS 4 | AI score 6 | EPSS 0.00525
Exploits: 2 | References: 3 | Affected Software: 1

Prion
added 2023/08/25 10:15 p.m., 21 views

SQL injection

A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. This vulnerability affects unknown code of the file ?r=recruit/contact/export&contactids=x. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and...

CVSS 6.5 | AI score 9.6 | EPSS 0.00799
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2023/08/16 8:15 p.m., 13 views

Security feature bypass

A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The exploit has been...

CVSS 6.8 | AI score 7.6 | EPSS 0.00303
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2023/08/03 8:15 a.m., 22 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may ...

CVSS 4 | AI score 6 | EPSS 0.00466
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2023/08/03 5:15 a.m., 14 views

Cross site scripting

A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this...

CVSS 5 | AI score 6 | EPSS 0.05177
Exploits: 4 | References: 3 | Affected Software: 1