๐จ CVE-2024-44563
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.
๐@cveNotify
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.
๐@cveNotify
Arahat0's Notion on Notion
Tenda AX1806 Buffer Overflow in getIptvInfo | Notion
Information
๐จ CVE-2024-44556
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.
๐@cveNotify
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.
๐@cveNotify
๐จ CVE-2024-44558
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.
๐@cveNotify
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.
๐@cveNotify
๐จ CVE-2024-8162
A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
GitHub - rohitburke/TOTOLINK
Contribute to rohitburke/TOTOLINK development by creating an account on GitHub.
๐จ CVE-2024-8163
A vulnerability classified as critical was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this vulnerability is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability classified as critical was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this vulnerability is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
zzz/CVE4-1.md at main ยท DeepMountains/zzz
Contribute to DeepMountains/zzz development by creating an account on GitHub.
๐จ CVE-2023-38047
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2023-38048
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2023-38049
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2023-38051
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2023-38052
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2023-38054
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2023-38055
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
๐@cveNotify
GitHub
GitHub - alextselegidis/easyappointments: :date: Easy!Appointments - Self Hosted Appointment Scheduler
:date: Easy!Appointments - Self Hosted Appointment Scheduler - alextselegidis/easyappointments
๐จ CVE-2024-42766
Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php.
๐@cveNotify
Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php.
๐@cveNotify
GitHub
CVE_Writeup/Kashipara/Bus Ticket Reservation System v1.0/Broken Access Control - Delete Bookings.pdf at main ยท takekaramey/CVE_Writeup
Contribute to takekaramey/CVE_Writeup development by creating an account on GitHub.
๐จ CVE-2024-44381
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.
๐@cveNotify
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.
๐@cveNotify
GitHub
pocs/dlink_DI8004W.md at main ยท GroundCTL2MajorTom/pocs
Contribute to GroundCTL2MajorTom/pocs development by creating an account on GitHub.
๐จ CVE-2024-44382
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.
๐@cveNotify
D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.
๐@cveNotify
GitHub
pocs/dlink_DI8004W.md at main ยท GroundCTL2MajorTom/pocs
Contribute to GroundCTL2MajorTom/pocs development by creating an account on GitHub.
๐จ CVE-2023-4972
Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects all versions. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects all versions. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
๐จ CVE-2023-5983
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.This issue affects Pharmacy Automation: before 2.1.133.0.
๐@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.This issue affects Pharmacy Automation: before 2.1.133.0.
๐@cveNotify
๐จ CVE-2023-4993
Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8.
๐@cveNotify
Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8.
๐@cveNotify
๐จ CVE-2024-25381
There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.
๐@cveNotify
There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.
๐@cveNotify
GitHub
CVE-2024-25381/description at main ยท OoO7ce/CVE-2024-25381
Contribute to OoO7ce/CVE-2024-25381 development by creating an account on GitHub.
๐จ CVE-2024-29338
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.
๐@cveNotify
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.
๐@cveNotify
๐จ CVE-2023-52342
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
๐@cveNotify
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed
๐@cveNotify