Command injection in D-Link DCS-933L firmware up to version 1.14.11 allows authenticated remote attackers to execute arbitrary commands through the AdminID parameter in the /setSystemAdmin endpoint. Public exploit code exists for this vulnerability, which affects only end-of-life devices no longer receiving security updates. An attacker with valid credentials can achieve remote code execution with limited system privileges.
Di-7100G C1 Firmware versions up to 24.04.18d1 contains a vulnerability that allows attackers to command injection (CVSS 6.3).
D-Link DCS-931L camera firmware versions up to 1.13.0 contain a command injection vulnerability in the /setSystemAdmin endpoint that allows remote attackers with high privileges to execute arbitrary commands by manipulating the AdminID parameter. Public exploit code exists for this vulnerability, though the affected devices are no longer supported by D-Link. An attacker with administrative access could achieve remote code execution on vulnerable cameras.
Unrestricted file upload in Online Music Site 1.0's AdminAddAlbum.php allows authenticated administrators with high privileges to upload arbitrary files via the txtimage parameter. Public exploit code exists for this vulnerability, enabling remote attackers to potentially execute malicious code or compromise the application. The affected component impacts both the PHP runtime and the vulnerable web application, with no patch currently available.
A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. [CVSS 3.5 LOW]
Unrestricted file upload in DouPHP versions up to 1.9 allows remote attackers with administrative privileges to bypass upload restrictions via manipulation of the sql_filename parameter in the ZIP File Handler component. Public exploit code exists for this vulnerability, and no patch is currently available.
A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. [CVSS 2.4 LOW]
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. [CVSS 2.4 LOW]
A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. [CVSS 2.4 LOW]
A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. [CVSS 2.4 LOW]
A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. [CVSS 3.3 LOW]
A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. [CVSS 3.3 LOW]
A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. [CVSS 3.3 LOW]
A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult...
Path traversal in rachelos WeRSS plugin versions up to 1.4.8 allows authenticated remote attackers to access arbitrary files through manipulation of the filename parameter in the download_export_file function. Public exploit code exists for this vulnerability. The issue requires valid credentials but has a low complexity attack surface, affecting file confidentiality without requiring user interaction.
A vulnerability was identified in CCExtractor versions up to 183. is affected by buffer overflow (CVSS 3.3).
A security vulnerability has been detected in AprilRobotics apriltag versions up to 3.4.5. is affected by buffer overflow (CVSS 3.3).