The HyperComments WordPress plugin versions up to 1.2.2 contain a critical missing capability check vulnerability in the hc_request_handler function that allows unauthenticated remote attackers to modify arbitrary WordPress options without authentication. This can be directly exploited to escalate privileges by changing the default registration role to administrator and enabling user registration, granting attackers immediate administrative access to vulnerable sites. With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this vulnerability poses an extreme risk to any unpatched WordPress installation using the affected plugin.
Critical stack-based buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1, affecting the formNatlimit function in the /goform/Natlimit endpoint. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code is available and the vulnerability meets active exploitation criteria.
A command injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.
A critical remote code execution vulnerability exists in D-Link DIR-816 firmware version 1.10CNB05, allowing unauthenticated attackers to execute arbitrary OS commands via the /goform/setipsec_config endpoint by manipulating localIP or remoteIP parameters. The vulnerability has a publicly disclosed proof-of-concept exploit and affects end-of-life hardware no longer receiving security updates from D-Link, creating significant risk for deployed instances.
Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's REIN Command Handler that allows unauthenticated remote attackers to cause information disclosure, integrity compromise, and denial of service. The vulnerability has been publicly disclosed with exploit code available, making it a high-priority threat for any organization running vulnerable FTP server instances.
Critical buffer overflow vulnerability in the XMKD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to achieve arbitrary code execution with low-impact consequences (confidentiality, integrity, and availability). The vulnerability has been publicly disclosed with exploit code available, making it a significant risk for exposed FTP deployments; however, the CVSS 7.3 score reflects moderate rather than critical severity due to limited impact scope.
Critical buffer overflow vulnerability in the XCWD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to cause denial of service and potentially achieve code execution with confidentiality, integrity, and availability impact. The vulnerability has been publicly disclosed with exploit code available, making it an active threat to exposed FTP server instances. With a CVSS score of 7.3 and network-based attack vector requiring no privileges or user interaction, this represents a significant risk to unpatched deployments.
Critical buffer overflow vulnerability in the RESTART Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to cause denial of service and potentially achieve information disclosure or integrity compromise. The vulnerability is classified as critical by the vendor, has a disclosed proof-of-concept, and poses immediate risk to exposed FTP servers; however, the CVSS 7.3 score reflects moderate actual impact (low confidentiality, integrity, and availability) rather than critical severity.
Critical buffer overflow vulnerability in PCMan FTP Server 2.0.7's SYSTEM Command Handler that allows unauthenticated remote attackers to cause denial of service and potentially execute arbitrary code with limited impact on confidentiality and integrity. The vulnerability has been publicly disclosed with exploit code available, making it actively exploitable in the wild against unpatched systems.
Critical buffer overflow vulnerability in the SET Command Handler of PCMan FTP Server 2.0.7 that allows remote attackers to cause denial of service and potentially execute arbitrary code with no authentication required. The vulnerability has been publicly disclosed with exploit code available, making it an active threat to unpatched FTP server deployments. With a CVSS score of 7.3 and low attack complexity, this vulnerability represents a significant risk to organizations running vulnerable versions.
Critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 affecting the PLS Command Handler component. Remote attackers can exploit this flaw without authentication or user interaction to achieve confidentiality, integrity, and availability impacts. Public exploit code is available and the vulnerability may be actively exploited in the wild.
A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 7.3). Risk factors: public PoC available.
Critical SQL injection vulnerability in PHPGurukul Auto Taxi Stand Management System version 1.0, specifically in the /admin/search-autoortaxi.php file's 'searchdata' parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit proof-of-concept code available, creating immediate risk of active exploitation.
Critical SQL injection vulnerability in PHPGurukul Notice Board System 1.0 affecting the /forgot-password.php endpoint via the email parameter. An unauthenticated remote attacker can exploit this with low complexity to execute arbitrary SQL queries, potentially compromising confidentiality, integrity, and availability of the underlying database. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.
A SQL injection vulnerability in A vulnerability classified as critical (CVSS 7.3). Risk factors: public PoC available.
Critical SQL injection vulnerability in Campcodes Online Teacher Record Management System version 1.0, specifically in the /search-teacher.php file's 'searchteacher' parameter. An unauthenticated remote attacker can exploit this flaw to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of teacher records. The vulnerability has been publicly disclosed with exploit code available, making active exploitation likely in the wild.
Critical SQL injection vulnerability in 1000projects Online Notice Board version 1.0 affecting the /register.php file's fname parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially exfiltrate or modify database contents. The vulnerability has been publicly disclosed with exploit code availability, creating immediate risk for deployed instances. With a CVSS score of 7.3 and network-accessible attack vector requiring no authentication, this poses significant risk to organizations using this software, though CVSS does not reflect the severity as 'critical' (which typically requires CVSS ≥9.0).
Critical SQL injection vulnerability in the /publicposts.php file of Content Management System and News-Buzz version 1.0 by code-projects/anirbandutta9. The vulnerability allows unauthenticated remote attackers to inject arbitrary SQL commands through the 'post' parameter, potentially enabling unauthorized data access, modification, or deletion. A public exploit has been disclosed and the vulnerability is exploitable with low attack complexity, making it an active threat.
Critical SQL injection vulnerability in Campcodes Online Recruitment Management System version 1.0 affecting the /admin/ajax.php?action=save_application endpoint. An unauthenticated remote attacker can manipulate the position_id parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with proof-of-concept code available, making active exploitation likely.
Critical SQL injection vulnerability in Campcodes Online Recruitment Management System version 1.0, affecting the authentication endpoint at /admin/ajax.php?action=login. An unauthenticated remote attacker can manipulate the Username parameter to execute arbitrary SQL queries, potentially leading to unauthorized access, data exfiltration, or database manipulation. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.
Critical SQL injection vulnerability in Campcodes Online Teacher Record Management System version 1.0, affecting the administrative report functionality at /trms/admin/bwdates-reports-details.php. An unauthenticated remote attacker can manipulate the fromdate/todate parameters to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with proof-of-concept code available, presenting immediate exploitation risk.
WP User Frontend Pro plugin for WordPress versions up to 4.1.3 contains an arbitrary file upload vulnerability in the upload_files() function due to missing file type validation, allowing authenticated Subscriber-level users to upload malicious files and achieve remote code execution. This vulnerability is particularly dangerous because it requires only Subscriber-level privileges (the lowest authenticated role in WordPress) and no user interaction, making it a high-severity post-authentication attack vector. The vulnerability is conditional on the Private Message module being enabled and requires the Business version of the PRO software.
A critical buffer overflow vulnerability exists in Tenda AC10 routers (versions up to 15.03.06.47) in the PPTP server configuration handler that allows authenticated remote attackers to execute arbitrary code or cause denial of service. The vulnerability affects the startIp/endIp parameters in the /goform/SetPptpServerCfg HTTP endpoint, requires valid credentials but no user interaction, and has publicly disclosed exploit code available, making it actively exploitable in real-world deployments.
Critical remote buffer overflow vulnerability in TOTOLINK N302R Plus routers up to version 3.4.0-B20201028, affecting the HTTP POST request handler in the /boafrm/formFilter endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'url' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability (CIA triad fully compromised). The vulnerability has public exploit disclosure and represents an active real-world threat to deployed TOTOLINK router infrastructure.
A critical buffer overflow vulnerability exists in TOTOLINK N302R Plus router firmware (versions up to 3.4.0-B20201028) in the HTTP POST request handler for the /boafrm/formPortFw endpoint. An authenticated remote attacker can exploit this by manipulating the 'service_type' parameter to cause buffer overflow, achieving remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability shows strong indicators of active exploitation risk.
File::Find::Rule through version 0.34 contains an arbitrary code execution vulnerability in the grep() function where attacker-controlled filenames are passed unsafely to Perl's open() function using the 2-argument form, allowing command injection. This affects any Perl application using File::Find::Rule to search files in directories containing maliciously-named files. A proof-of-concept exists demonstrating command execution via filenames containing pipe characters (|), and the vulnerability requires user interaction (UI:R) to trigger by searching a directory with crafted filenames.
WP User Frontend Pro plugin versions up to 4.1.3 contain an arbitrary file deletion vulnerability in the delete_avatar_ajax() function that allows authenticated Subscriber-level users to delete critical files on WordPress servers without proper path validation. Successful exploitation can lead to remote code execution by deleting sensitive files such as wp-config.php, and the vulnerability is actively exploitable with no user interaction required. This represents a critical post-authentication privilege escalation affecting a widely-used WordPress plugin.
Local privilege escalation vulnerability in HP Support Assistant versions before 9.44.18.0 that allows a local attacker with limited user privileges to write arbitrary files and escalate to higher privilege levels without user interaction. The vulnerability carries a CVSS score of 7.8 (high severity) and exploits improper file permission handling in the support application; while KEV status and active exploitation data are not provided in the source material, the low attack complexity and local attack vector suggest this is a realistic threat for systems running vulnerable versions.