Buffer overflow in Tenda TX9 firmware versions up to 22.03.02.10_multi allows authenticated remote attackers to achieve full system compromise through a malicious SSID parameter in the WiFi configuration interface. Public exploit code is available for this vulnerability, and no patch has been released. The high CVSS score of 8.8 reflects the ability to execute arbitrary code with complete confidentiality, integrity, and availability impact.
Remote code execution in Tenda TX9 firmware versions up to 22.03.02.10_multi through a buffer overflow in the static route configuration function allows authenticated attackers to achieve full system compromise. Public exploit code exists for this vulnerability, significantly increasing the risk of active exploitation. No patch is currently available, making this a critical threat requiring immediate network segmentation or device replacement.
Remote code execution in Tenda TX3 firmware through version 16.03.13.11_multi allows authenticated attackers to execute arbitrary code via buffer overflow in the /goform/SetIpMacBind endpoint. Public exploit code exists for this vulnerability and no patch is currently available. This high-severity flaw requires valid credentials but can be exploited over the network without user interaction.
Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 allows remote attackers with low privileges to achieve complete system compromise through manipulation of QoS parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the set_qosMib_list function in the /goform/formSetQosBand endpoint, enabling unauthorized code execution and data theft.
Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 allows authenticated remote attackers to achieve full system compromise through improper argument handling in the SetIpMacBind function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations should implement network segmentation and access controls to restrict administrative functionality until remediation is possible.
Remote code execution in Tenda RX3 firmware versions up to 16.03.13.11 via stack-based buffer overflow in the /goform/openSchedWifi endpoint allows unauthenticated attackers to execute arbitrary code by manipulating the schedStartTime and schedEndTime parameters. Public exploit code exists and no patch is currently available. This vulnerability affects network devices and poses an immediate risk to deployed systems.
Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 allows unauthenticated remote attackers to achieve code execution by sending a malicious SSID value to the /goform/fast_setting_wifi_set endpoint. Public exploit code exists for this vulnerability and no patch is currently available. An attacker can exploit this to gain complete system compromise with high integrity and availability impact.
Remote code execution in Tenda TX9 firmware through version 22.03.02.10_multi allows authenticated attackers to achieve complete system compromise via a buffer overflow in the /goform/setMacFilterCfg endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed over the network with high impact on confidentiality, integrity, and availability.
Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 MAC filtering endpoint allows authenticated remote attackers to achieve code execution through crafted device name or MAC address parameters. Public exploit code exists for this vulnerability and no patch is currently available. The flaw affects the /goform/setBlackRule component with high impact on confidentiality, integrity, and availability.
Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-615 4.10 routers through manipulated routing parameters in the web configuration interface, requiring only network access and no user interaction. Public exploit code is available for this vulnerability, and D-Link has not released a patch for the end-of-life device.
OS command injection in Great Developers Certificate Generation System's CSV processing functionality allows unauthenticated remote attackers to execute arbitrary system commands through the photo parameter in /restructured/csv.php. Public exploit code exists for this vulnerability, and no patch is currently available, affecting systems using the abandoned project with a rolling release model.
SQL injection in the Student Web Portal 1.0 /check_user.php endpoint allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary database queries. The vulnerability enables attackers to read, modify, or delete sensitive data with public exploit code readily available. This affects PHP-based installations of the Student Web Portal with no patch currently available.
Remote code execution in D-Link DIR-615 firmware through os command injection via the dmz_ipaddr parameter in the DMZ Host Feature allows authenticated attackers to execute arbitrary commands with high privileges. Public exploit code exists for this vulnerability, which affects unsupported product versions with no available patch. The attack requires high-level authentication but can be launched over the network without user interaction.
Unauthenticated attackers can execute arbitrary operating system commands on D-Link DIR-823X routers through the /goform/set_upnp endpoint via the upnp_enable parameter. Public exploit code is available for this vulnerability, and no patch has been released. This allows complete compromise of affected devices with high impact on confidentiality, integrity, and availability.
Remote code execution in D-Link DIR-823X routers through OS command injection in the static route configuration endpoint allows unauthenticated remote attackers to execute arbitrary commands with high privileges. The vulnerability affects the /goform/set_static_route_table function and can be exploited by manipulating interface, destination IP, netmask, gateway, or metric parameters. Public exploit code exists for this vulnerability, and no patch is currently available.
Remote code execution in D-Link DIR-823X routers through OS command injection in the /goform/set_server_settings endpoint allows unauthenticated attackers to execute arbitrary commands by manipulating terminal_addr, server_ip, or server_port parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at high risk.
Remote code execution in UTT 521G firmware 3.1.1-190816 allows unauthenticated attackers to inject arbitrary OS commands through the policyNames parameter in the /goform/formPdbUpConfig endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations using this device should immediately implement network segmentation or disable remote access until a fix is released.
521G Firmware versions up to 3.1.1-190816 contains a vulnerability that allows attackers to command injection (CVSS 7.2).
810 Firmware versions up to 1.7.4-141218 contains a vulnerability that allows attackers to command injection (CVSS 7.2).
Remote code execution in D-Link DIR-823X routers through OS command injection in the DMZ configuration handler allows unauthenticated attackers to execute arbitrary commands on affected devices. The vulnerability exists in the /goform/set_dmz endpoint where the dmz_host and dmz_enable parameters are insufficiently sanitized, and public exploit code is currently available. Organizations using DIR-823X firmware should prioritize patching as no official fix is currently available.
Stack buffer overflow in Tenda AC9 firmware versions up to 15.03.06.42_multi allows remote attackers to achieve code execution by manipulating scheduled reboot parameters without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high privileges but succeeds over the network with minimal complexity.
Stack overflow in Tenda AC9 firmware versions up to 15.03.06.42_multi allows remote attackers with high privileges to achieve complete system compromise through manipulation of the security.ddos.map parameter. Public exploit code exists for this vulnerability, increasing exploitation risk. No patch is currently available.
Unauthenticated attackers can achieve remote code execution on D-Link DIR-823X routers through OS command injection in the DDNS service component via the /goform/set_ddns endpoint. The vulnerability allows manipulation of DDNS parameters (ddnsType, ddnsDomain, ddnsUserName, ddnsPwd) to execute arbitrary system commands with high privileges. Public exploit code exists and no patch is currently available.
Remote code execution in D-Link DIR-823X firmware via command injection in the QoS configuration function allows unauthenticated attackers to execute arbitrary OS commands over the network. The vulnerability affects the /goform/set_qos endpoint and has public exploit code available, increasing the risk of active exploitation. No patch is currently available.
Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-823X routers through command injection in the /goform/set_ac_status endpoint via manipulation of ac_ipaddr, ac_ipstatus, or ap_randtime parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.
Command injection in D-Link DI-7100G C1 firmware version 24.04.18D1 allows authenticated remote attackers to execute arbitrary commands through manipulation of the usb_username parameter in the set_jhttpd_info function. Public exploit code exists for this vulnerability, and no patch is currently available. The medium-severity flaw requires valid credentials but can be exploited over the network with minimal complexity.
Unrestricted file upload in Great Developers Certificate Generation System's CSV processing endpoint allows authenticated attackers to upload arbitrary files remotely. Public exploit code exists for this vulnerability, though no patch is available and the project is no longer actively maintained. The vulnerability affects PHP-based certificate generation functionality with medium severity (CVSS 6.3).
Privilege escalation in JAY Login & Register WordPress plugin allows unauthenticated attackers to register as administrators. All versions up to 1.1.6 affected.
Detronetdip E-commerce 1.0.0 contains an authentication bypass vulnerability in the seller account creation endpoint that allows unauthenticated remote attackers to manipulate the email parameter and gain unauthorized access. The vulnerability affects PHP-based e-commerce installations and has public exploit code available, though no patch is currently available from the vendor.
Unrestricted file upload in detronetdip E-commerce 1.0.0 via the /seller/assets/backend/profile/addadhar.php endpoint allows unauthenticated remote attackers to upload arbitrary files. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite early notification.
SourceCodester Prison Management System 1.0 contains a session fixation vulnerability in its login component that allows unauthenticated remote attackers to hijack user sessions. Public exploit code exists for this vulnerability, which enables attackers to impersonate legitimate users and gain unauthorized access to the system. No patch is currently available.
SQL injection in the Online Reviewer System 1.0 login function allows unauthenticated remote attackers to manipulate username and password parameters, potentially enabling unauthorized database access and data modification. With public exploit code available and no patch released, this vulnerability poses an immediate risk to deployed instances.
Unrestricted file upload in Online Music Site 1.0's AdminUpdateCategory.php allows unauthenticated remote attackers to upload arbitrary files by manipulating the txtimage parameter. Public exploit code exists for this vulnerability, enabling potential remote code execution and system compromise. A security patch is not currently available, leaving affected installations vulnerable to active exploitation.
SQL injection in itsourcecode Directory Management System 1.0 allows unauthenticated remote attackers to manipulate the email parameter in /admin/forget-password.php and execute arbitrary database queries. Public exploit code exists for this vulnerability and no patch is currently available. An attacker can leverage this to extract sensitive data or modify database contents with minimal complexity.
Online Food Ordering System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /ramonsys/user/controller.php allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring organizations to implement alternative mitigations or restrict access to vulnerable systems.
SQL injection in itsourcecode School Management System 1.0 allows unauthenticated remote attackers to manipulate the 'ay' parameter in /ramonsys/report/index.php, potentially enabling data exfiltration, modification, or service disruption. Public exploit code exists for this vulnerability and no patch is currently available, creating immediate risk for deployed instances.
SQL injection in Online Music Site 1.0's AdminUpdateCategory.php allows unauthenticated remote attackers to manipulate the txtcat parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, with no patch currently available. The attack requires no user interaction and can compromise the confidentiality, integrity, and availability of the underlying database.
SQL injection in itsourcecode Society Management System 1.0 allows unauthenticated remote attackers to manipulate the activity_id parameter in /admin/edit_activity.php, enabling data exfiltration, modification, or denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in itsourcecode Society Management System 1.0's expense editing functionality allows unauthenticated remote attackers to manipulate the expenses_id parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables attackers to access, modify, or delete sensitive financial data with minimal complexity.
Tenda AC21 firmware version 16.03.08.16 contains an information disclosure vulnerability in the /cgi-bin/DownloadFlash web management interface that allows unauthenticated remote attackers to access sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at risk of data exposure.
Tenda AC21 firmware version 16.03.08.16 contains an information disclosure vulnerability in the web management interface's /cgi-bin/DownloadLog endpoint that allows unauthenticated remote attackers to access sensitive data. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected devices.
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_profile' function. [CVSS 8.8 HIGH]
Improper authentication in the CRUD endpoint of code-projects Contact Management System 1.0 allows unauthenticated remote attackers to manipulate ID parameters and bypass access controls. This vulnerability enables unauthorized users to read, modify, or delete sensitive contact data without valid credentials. No patch is currently available.
SQL injection in code-projects Online Examination System 1.0 allows unauthenticated remote attackers to manipulate the username and password parameters in login.php, potentially enabling unauthorized access to sensitive data or system compromise. The vulnerability requires no user interaction and can be exploited over the network with low complexity. No patch is currently available for this issue.
OS command injection in Totolik WA300 firmware via the setAPNetwork function allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects firmware version 5.2cu.7112_B20190227 and impacts the /cgi-bin/cstecgi.cgi endpoint through manipulation of the Ipaddr parameter.
Maigret Mcp Server versions up to 1.0.12. contains a vulnerability that allows attackers to command injection (CVSS 6.3).
Improper access controls in WeKan's administrative repair handler (fixDuplicateLists.js) allow authenticated remote attackers to manipulate list data and gain unauthorized access to sensitive information. Affected versions through 8.20 can be remediated by upgrading to version 8.21 or applying the referenced patch.
Wekan versions up to 8.18 contain an authorization bypass in the custom translation handler that allows authenticated users to manipulate translation settings they should not have access to. An attacker with valid credentials can exploit the setCreateTranslation function to gain unauthorized access to modify translations, potentially affecting application functionality and data integrity. The vulnerability has been patched in version 8.19 and users should upgrade immediately.
SQL injection in code-projects Contact Management System 1.0 allows authenticated remote attackers to manipulate the selecteditem[0] parameter in index.py and execute arbitrary SQL queries. The vulnerability requires valid user credentials but enables data exfiltration, modification, and potential system compromise. No patch is currently available.