๐จ CVE-2024-35400
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules
๐@cveNotify
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules
๐@cveNotify
๐จ CVE-2024-35401
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
๐@cveNotify
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
๐@cveNotify
๐จ CVE-2024-35563
CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions.
๐@cveNotify
CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions.
๐@cveNotify
๐จ CVE-2024-36702
libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c.
๐@cveNotify
libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c.
๐@cveNotify
GitHub
GitHub - mz-automation/libiec61850: Official repository for libIEC61850, the open-source library for the IEC 61850 protocols
Official repository for libIEC61850, the open-source library for the IEC 61850 protocols - mz-automation/libiec61850
๐จ CVE-2023-37057
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism.
๐@cveNotify
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism.
๐@cveNotify
๐จ CVE-2023-37058
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command.
๐@cveNotify
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command.
๐@cveNotify
GitHub
GitHub - ri5c/Jlink-Router-RCE
Contribute to ri5c/Jlink-Router-RCE development by creating an account on GitHub.
๐จ CVE-2024-37821
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.
๐@cveNotify
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.
๐@cveNotify
GitHub
CVEs/2024/CVE-2024-37821.md at master ยท alexbsec/CVEs
Contribute to alexbsec/CVEs development by creating an account on GitHub.
๐จ CVE-2024-37676
An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function.
๐@cveNotify
An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function.
๐@cveNotify
Gist
CVE-2024-37676
CVE-2024-37676. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-37626
A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function.
๐@cveNotify
A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function.
๐@cveNotify
GitHub
vuln/totolink/TOTOlink A6000R vif_enable.md at main ยท lakemoon602/vuln
Contribute to lakemoon602/vuln development by creating an account on GitHub.
๐จ CVE-2024-37674
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.
๐@cveNotify
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.
๐@cveNotify
๐จ CVE-2024-37671
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page parameter.
๐@cveNotify
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page parameter.
๐@cveNotify
๐จ CVE-2024-37672
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter.
๐@cveNotify
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter.
๐@cveNotify
๐จ CVE-2024-37673
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter.
๐@cveNotify
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter.
๐@cveNotify
๐จ CVE-2024-37675
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file.
๐@cveNotify
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file.
๐@cveNotify
๐จ CVE-2022-25477
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR.
๐@cveNotify
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR.
๐@cveNotify
Gist
gist:feb16f1424779a61cb1d9f6d5681408a
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2022-25478
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device.
๐@cveNotify
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device.
๐@cveNotify
Gist
gist:feb16f1424779a61cb1d9f6d5681408a
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2022-25479
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.
๐@cveNotify
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.
๐@cveNotify
Gist
gist:feb16f1424779a61cb1d9f6d5681408a
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2022-25480
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP.
๐@cveNotify
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP.
๐@cveNotify
Gist
gist:feb16f1424779a61cb1d9f6d5681408a
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-39171
Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.
๐@cveNotify
Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.
๐@cveNotify
GitHub
GitHub - Sp1d3rL1/PHPVibe_vulnerability_Directory-Traversal: Description about PHPVibeCms' vulnerability
Description about PHPVibeCms' vulnerability. Contribute to Sp1d3rL1/PHPVibe_vulnerability_Directory-Traversal development by creating an account on GitHub.
๐จ CVE-2023-48194
Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained.
๐@cveNotify
Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained.
๐@cveNotify
GitHub
GitHub - zt20xx/CVE-2023-48194
Contribute to zt20xx/CVE-2023-48194 development by creating an account on GitHub.
๐จ CVE-2024-40495
A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function.
๐@cveNotify
A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function.
๐@cveNotify
GitHub
IOT-CVE/Linksys/CVE-2024-40495/CVE-2024-40495.pdf at master ยท iotaMing/IOT-CVE
Contribute to iotaMing/IOT-CVE development by creating an account on GitHub.