CVE-2025-15217

A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely...

PT-2024-7244 · D Link · D-Link Dir-605L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 BETA Description: The issue is related to a buffer overflow vulnerability in the formSetWanPPPoE function of the /goform/formSetWanPPPoE file. This vulnerability can be exploited by sending a specially crafted...

CVE-2023-5495

A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata0title/searchdata0searchfield/searchdata0searchvalue...

2023 Online Course Registration 1.0 SQL Injection

Title: 2023-Online-Course-Registration-1.0-Bypass-login-SQLi-RCE-password-changing Author: nu11secur1ty Date: 05.25.2023 Vendor: https://github.com/nikhilkeshava Software: https://github.com/nikhilkeshava/online-course-registration- Reference: https://portswigger.net/web-security/sql-injection,...

Engelsystem Cross-Site Request Forgery Vulnerability

Engelsystem is a shift planning system. The system includes features such as team management, event management, attendance management and mail system. A cross-site request forgery vulnerability exists in versions prior to Engelsystem commit hash 2e28336. A remote attacker can exploit this...

D-Link DIR-130 and DIR-330 Authentication Vulnerability

The D-Link DIR-130 and DIR-330 are both wireless router products from AUO D-Link. An authentication vulnerability exists in the D-Link DIR-130 with firmware version 1.23a and the DIR-330 with firmware version 1.12. A remote attacker can exploit this vulnerability by manipulating a POST request to...