T&D Corporation Security Vulnerabilities
A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the component Add Members Tab. The manipulation of the argument Member Photo leads to unrestricted upload. It is possible to initiate the attack remotely....
4.7CVSS
7.4AI Score
0.0004EPSS
CVE-2023-50207 D-Link G416 flupl filename Command Injection Remote Code Execution Vulnerability
D-Link G416 flupl filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists.....
8AI Score
0.0005EPSS
CVE-2023-50204 D-Link G416 flupl pythonapp Command Injection Remote Code Execution Vulnerability
D-Link G416 flupl pythonapp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific...
8AI Score
0.0005EPSS
glpi -- Account takeover vulnerability
MITRE Corporation reports: GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an...
1.8AI Score
0.001EPSS
KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named me.weishu.kernelsu get root permission. If a KernelSU module installed device try to install any not.....
6.8AI Score
0.001EPSS
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50...
9.8CVSS
9.7AI Score
0.001EPSS
D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...
6.8CVSS
8.2AI Score
0.0005EPSS
A vulnerability, which was classified as problematic, was found in Bdtask Multi-Store Inventory Management System up to 20240325. Affected is an unknown function of the file /stockmovment/stockmovment/delete/ of the component Stock Movement Page. The manipulation leads to cross-site request...
4.3CVSS
7.1AI Score
0.0004EPSS
A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack....
5.3CVSS
7.2AI Score
0.001EPSS
7.4AI Score
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting.....
2.4CVSS
6.5AI Score
0.0004EPSS
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument Store Name/Store Address leads to cross site...
2.4CVSS
6.5AI Score
0.0004EPSS
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The.....
2.4CVSS
6.5AI Score
0.0004EPSS
A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may...
3.8CVSS
7.4AI Score
0.0004EPSS
WAVLINK WN530HG4 - Improper Access Control
WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute...
9.6AI Score
0.057EPSS
7.4AI Score
** DISPUTED ** A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <>test leads to cross site scripti...
6.1CVSS
5.9AI Score
0.001EPSS
A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is.....
5.3CVSS
7.1AI Score
0.001EPSS
glpi -- Unauthenticated Stored XSS
MITRE Corporation reports: In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as url_base and url_base_api. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure...
1.3AI Score
0.001EPSS
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to...
5.1AI Score
0.001EPSS
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and...
8.9AI Score
0.002EPSS
A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been...
5.4CVSS
7.3AI Score
0.0004EPSS
D-Link DIR-X3260 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
8.1AI Score
0.001EPSS
D-Link DIR-X3260 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
8.1AI Score
0.001EPSS
glpi -- SQL Injection in Search API
MITRE Corporation reports: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or...
1.7AI Score
0.001EPSS
glpi -- able to read any token through API user endpoint
MITRE Corporation reports: In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All api_tokens which can be used to do privileges escalations or...
2.1AI Score
0.002EPSS
D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...
8.1AI Score
0.001EPSS
D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...
8AI Score
0.0005EPSS
7.4AI Score
SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user...
7AI Score
0.001EPSS
D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this...
8.1AI Score
0.0005EPSS
CVE-2023-50208 D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw...
7.8AI Score
0.0005EPSS
D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
8.1AI Score
0.001EPSS
D-Link DIR-X3260 SetTriggerPPPoEValidate Password Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
8.1AI Score
0.001EPSS
D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
8.1AI Score
0.001EPSS
D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The...
8AI Score
0.001EPSS
D-Link G416 httpd Improper Handling of Exceptional Conditions Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability.....
6.3AI Score
0.0005EPSS
CVE-2023-50209 D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability
D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific.....
7.8AI Score
0.0005EPSS
D-Link DIR-X3260 SetSysEmailSettings AccountPassword Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
8.1AI Score
0.001EPSS
D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability,....
8.1AI Score
0.001EPSS
H5P metadata automatically populated the author with the user's username, which could be sensitive...
5.2AI Score
0.001EPSS
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original...
6.7AI Score
0.0004EPSS
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and...
8.9AI Score
0.002EPSS
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS...
5.1AI Score
0.001EPSS
6AI Score
0.001EPSS
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe...
6AI Score
0.001EPSS
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other...
3.9AI Score
0.0004EPSS
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning...
5.3AI Score
0.001EPSS
D-Link DIR-X3260 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
8.1AI Score
0.001EPSS
CVE-2023-44416 D-Link DAP-2622 Telnet CLI Command Injection Remote Code Execution Vulnerability
D-Link DAP-2622 Telnet CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622. Authentication is required to exploit this vulnerability. The specific flaw exists within...
8AI Score
0.001EPSS