CVE-2024-8133

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This...

CVE-2024-8133

CVE-2024-8133 affects D-Link NAS/DNS devices (e.g., DNS-120, DNS-320/320L/320LW, DNS-325, DNS-327L, DNS-1100-4, DNS-1550-04, etc.) and stems from command injection in the HTTP POST handler function listed as cgi_FMT_R5_SpareDsk_DiskMGR within /cgi-bin/hd_config.cgi. The vulnerability arises from ...

CVE-2024-8132

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This...

CVE-2024-8129 D-Link DNS-1550-04 HTTP POST Request s3.cgi cgi_s3_modify command injection

A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affecte...

CVE-2024-8128 D-Link DNS-1550-04 HTTP POST Request webfile_mgr.cgi cgi_add_zip command injection

A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Th...

CVE-2024-8127

The CVE-2024-8127 family affects D-Link NAS/DVR devices (DNS-120, DNR-202L, DNS-315L, DNS-320/320L/320LW/321, DNR-322L, DNS-323/325/326/327L, DNR-326, DNS-340L/343/345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04) with a command-injection in the CGI unzip function of /cgi-bin/webfile_mgr.cgi ...

PT-2024-38817 · D Link · D-Link Dns-321 +16

Name of the Vulnerable Software and Affected Versions: D-Link DNS-120 up to 20240814 D-Link DNR-202L up to 20240814 D-Link DNS-315L up to 20240814 D-Link DNS-320 up to 20240814 D-Link DNS-320L up to 20240814 D-Link DNS-320LW up to 20240814 D-Link DNS-321 up to 20240814 D-Link DNR-322L up to...

CVE-2024-7707

A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow...

CVE-2024-7158

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnetenabled leads to command...

CVE-2024-7158 TOTOLINK A3100R HTTP POST Request cstecgi.cgi setTelnetCfg command injection

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnetenabled leads to command...

CVE-2024-7158

CVE-2024-7158 affects TOTOLINK A3100R (v4.1.2cu.5050_B20200504). The vulnerability is in the HTTP POST Request Handler’s setTelnetCfg function (/cgi-bin/cstecgi.cgi): manipulation of the telnet_enabled argument enables command injection. Impact is remote exploitation with potential high severity ...

CVE-2024-7066

A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/configtimesync.php of the component HTTP POST Request Handler. The manipulation of the argument ntpserver leads to os command...

PT-2024-38056 · F Logic · F-Logic Datacube3

Name of the Vulnerable Software and Affected Versions: F-logic DataCube3 version 1.0 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically in the file /admin/config time sync.php. The manipulation of the ntp server argument leads to os command...

CVE-2024-6950

A vulnerability, which was classified as critical, has been found in Prain up to 1.3.0. Affected by this issue is some unknown functionality of the file /?import of the component HTTP POST Request Handler. The manipulation of the argument file leads to code injection. The attack may be launched...

CVE-2024-6950

Prain up to version 1.3.0 is affected by CVE-2024-6950 in the HTTP POST Request Handler’s /?import path. The issue arises from manipulation of the file argument, enabling remote code injection. Exploitation is described as remote and publicly disclosed, with Affected versions up to 1.3.0. The PT-...

PT-2024-37989 · Prain · Prain

Name of the Vulnerable Software and Affected Versions: Prain versions up to 1.3.0 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically affecting some unknown functionality of the file /?import. The manipulation of the file argument leads to code...

PT-2024-37878 · Sourcecodester · Sourcecodester Student Study Center Desk Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Study Center Desk Management System version 1.0 Description: A vulnerability was found in the system, classified as problematic, affecting some unknown functionality of the file /sscdms/classes/Users.php?f=save of the...

CVE-2024-6746

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...

CVE-2024-6746

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...

CVE-2024-6746

NaiboWang EasySpider 0.6.2 on Windows has a path-traversal vulnerability in the HTTP GET Request Handler (server.js) that allows reading arbitrary Windows files via input like /../../../../../../../../../Windows/win.ini. Exploitation is possible within a local network, and public disclosure has o...