2429 matches found
CVE-2024-10428
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function setipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The...
CVE-2024-10429 WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection
A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to...
CVE-2024-10377
A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. This issue affects the function actionPassDecryptApplication1 of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be initiate...
CVE-2024-10376
Consolidated details from connected documents confirm CVE-2024-10376 affects ESAFENET CDG version 5, specifically the actionPassOrNotAutoSign function in AutoSignService.java. The root cause is manipulation of the UniqueId parameter leading to SQL injection, exploitable remotely and publicized. T...
CVE-2024-10277
A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/ajax/UsbKeyAjax.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has bee...
CVE-2024-43924
Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Responsive Lightbox: from n/a through 2.4.7...
CVE-2024-43924
CVE-2024-43924 concerns a Missing Authorization vulnerability in the WordPress plugin dFactory Responsive Lightbox, affecting versions from n/a to 2.4.7 and allowing access to functionality not properly constrained by ACLs. The issue is described as a Missing Authorization vulnerability with high...
CVE-2024-43924 WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Responsive Lightbox: from n/a through 2.4.7...
PT-2024-30785 · Unknown · Dfactory Responsive Lightbox
Name of the Vulnerable Software and Affected Versions: dFactory Responsive Lightbox versions 2.4.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For dFactory Responsiv...
WordPress plugin Responsive Lightbox security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-10195
The CVE-2024-10195 entry concerns Tecno 4G Portable WiFi TR118 (V008-20220830). A vulnerability exists in the SMS Check module via the endpoint /goform/goform_get_cmd_process where manipulation of the order_by argument enables SQL injection. Exploitation is described as remote. Several sources co...
CVE-2024-10195 Tecno 4G Portable WiFi TR118 SMS Check goform_get_cmd_process sql injection
A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goform_get_cmd_process of the component SMS Check. The manipulation of the argument order_by leads to sql injection...
CVE-2024-10173 didi DDMQ Console Module improper authentication
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has be...
CVE-2024-10122 Topdata Inner Rep Plus WebServer Operator Details Form InnerRepPlus.html missing password field masking
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the...
CVE-2024-10121 wfh45678 Radar Interface authorization
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclos...
CVE-2024-49282
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dFactory Responsive Lightbox responsive-lightbox allows Stored XSS. This issue affects Responsive Lightbox: from n/a through = 2.4.8...
CVE-2024-49280
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Weblizar - WordPress Themes & Plugin Lightbox slider – Responsive Lightbox Gallery simple-lightbox-gallery allows Stored XSS. This issue affects Lightbox slider – Responsive Lightbox Gallery: from n...
CVE-2024-49280
CVE-2024-49280 concerns the WordPress plugin “Lightbox slider – Responsive Lightbox Gallery.” The vulnerability is a stored XSS arising from improper neutralization of input during web page generation, enabling stored cross-site scripting in affected pages. The entry states the issue affects vers...
CVE-2024-49280 WordPress Lightbox slider -- Responsive Lightbox Gallery plugin <= 1.10.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Weblizar - WordPress Themes & Plugin Lightbox slider – Responsive Lightbox Gallery simple-lightbox-gallery allows Stored XSS. This issue affects Lightbox slider – Responsive Lightbox Gallery: from n...