2429 matches found
CVE-2024-7908
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack...
CVE-2024-7907 TOTOLINK X6000R cstecgi.cgi setSyslogCfg command injection
A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.85220230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. T...
CVE-2024-7907
TOTOLINK X6000R (version 9.4.0cu.852_20230719) is affected by a command-injection vulnerability in the setSyslogCfg function of /cgi-bin/cstecgi.cgi, triggered by manipulating the rtLogServer parameter. The issue is remote-executable, with exploits publicly disclosed and vendor unresponsive. Affe...
CVE-2024-43335
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Responsive Blocks – WordPress Gutenberg Blocks: from n/a through 1.8.8...
CVE-2024-43335
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Responsive Blocks – WordPress Gutenberg Blocks: from n/a through 1.8.8...
CVE-2024-43335 WordPress Responsive Blocks – WordPress Gutenberg Blocks plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Responsive Blocks – WordPress Gutenberg Blocks: from n/a through 1.8.8...
CVE-2024-43335 WordPress Responsive Blocks – WordPress Gutenberg Blocks plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Responsive Blocks – WordPress Gutenberg Blocks: from n/a through 1.8.8...
WordPress plugin Responsive Blocks – WordPress Gutenberg Blocks 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Responsive...
PT-2024-30501 · WordPress · Cyberchimps Responsive Blocks
Name of the Vulnerable Software and Affected Versions: CyberChimps Responsive Blocks – WordPress Gutenberg Blocks versions 1.8.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for...
CVE-2024-7900
A vulnerability, which was classified as problematic, was found in xiaohe4966 TpMeCMS 1.3.3.2. Affected is an unknown function of the file /h.php/general/config?ref=addtabs of the component Basic Configuration Handler. The manipulation of the argument Site Name/Beian/Contact...
CVE-2024-7896
A vulnerability was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/p1ftpserver.php. The manipulation of the argument adrtxt leads to command injection. The attack ma...
WordPress Responsive Blocks – WordPress Gutenberg Blocks plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin Responsive Blocks versions = 1.8.8...
WordPress Responsive Blocks Plugin <= 1.8.8 is vulnerable to Cross Site Scripting (XSS)
Software Responsive Blocks Type Plugin Vulnerable versions = 1.8.8 Fixed in 1.8.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43335 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID deeb36a6e784 Credits 4rCanJ0x! Required privilege...
CVE-2024-7742 wanglongcn ltcms API Endpoint multiDownload server-side request forgery
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is possible to launch...
CVE-2024-7706 Fujian mwcms uploadfile.html uploadimage unrestricted upload
A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclose...
CVE-2024-7705 Fujian mwcms Image Upload uploadeditor.html uploadeditor unrestricted upload
A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argument upfile leads to unrestricted upload. The...
CVE-2024-7704
A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecologydev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to launch the attack...
CVE-2024-7615
A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has...
CVE-2024-7616
Edimax IC-6220DC and IC-5150W (firmware ≤ 3.06) expose a command-injection vulnerability in the ipcam_cgi module, specifically via the cgiFormString function manipulating the host argument. Exploitation could yield unauthorized commands on affected devices. Remediation from the connected sources:...
CVE-2024-41239
A Stored Cross Site Scripting XSS vulnerability was found in "/smsa/addclasssubmit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "classname" parameter field...