SQL injection in Web Ofisi Firma Rehberi v1. PoC available.
Multiple SQL injections in Web Ofisi Emlak V2. PoC available.
SQL injection in Web Ofisi Emlak v2. PoC available.
Stack-based buffer overflow in Tenda HG9 firmware's pingAddr parameter allows unauthenticated remote attackers to achieve code execution through the /boaform/formPing6 endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw carries high severity with complete compromise potential across confidentiality, integrity, and availability.
Stack-based buffer overflow in the Diagnostic Ping Endpoint of Tenda HG9 firmware allows unauthenticated remote attackers to achieve code execution by supplying a malicious pingAddr parameter. The vulnerability exists in the /boaform/formPing component and is exploitable over the network with low complexity. Public exploit code exists and no patch is currently available.
Stack-based buffer overflow in Tenda HG9 firmware's loopback detection endpoint allows remote attackers with valid credentials to achieve complete system compromise through manipulation of the Ethtype parameter. Public exploit code exists for this vulnerability, creating immediate risk in deployed environments. No patch is currently available.
Remote code execution in Tenda HG9 firmware via stack buffer overflow in the GPON configuration endpoint allows authenticated attackers to achieve full system compromise through manipulation of LOID parameters. Public exploit code exists for this vulnerability, increasing the risk of active exploitation in deployed devices. No patch is currently available, making network segmentation and access controls critical for mitigation.
Remote code execution in Tenda HG9 firmware via stack buffer overflow in the Samba configuration endpoint allows authenticated attackers to achieve complete system compromise through manipulation of the sambaCap parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
Stack buffer overflow in Tenda HG9 firmware's wireless configuration endpoint allows authenticated remote attackers to achieve arbitrary code execution through a malicious SSID parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The vulnerability affects the /boaform/formWlanSetup component and currently has no available patch.
Buffer overflow in Tenda FH451 firmware versions up to 1.0.0.9 allows authenticated remote attackers to achieve code execution through crafted requests to the /goform/GstDhcpSetSer endpoint. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all affected devices at risk.
Unauthenticated remote attackers can achieve complete system compromise through a buffer overflow in the UTT HiPER 810G firmware's /goform/ConfigExceptAli endpoint via unsafe string handling. Public exploit code is available for this vulnerability, increasing exploitation risk for unpatched devices. The flaw requires only network access and affects firmware version 1.7.7-171114 with no patch currently available.
Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the wireless access control endpoint. Public exploit code exists for this vulnerability, and no patch is currently available.
Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve code execution by manipulating the submit-url parameter in the Operation Mode Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this flaw to fully compromise affected devices.
Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the LTE Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this flaw to achieve complete system compromise including confidentiality, integrity, and availability breaches.
Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve complete system compromise through manipulation of the submit-url parameter in the Bridge VLAN Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges.
Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) WLAN encryption configuration endpoint allows authenticated remote attackers to execute arbitrary code with high integrity and confidentiality impact. The vulnerability exists in the submit-url parameter handling within the /boafrm/formWlEncrypt component and has public exploit code available. No patch is currently available for this vulnerability.
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. [CVSS 8.2 HIGH]
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. [CVSS 8.2 HIGH]
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. [CVSS 8.2 HIGH]
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. [CVSS 8.2 HIGH]
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. [CVSS 8.2 HIGH]
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. [CVSS 8.2 HIGH]
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. [CVSS 8.2 HIGH]
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. [CVSS 8.2 HIGH]
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. [CVSS 7.5 HIGH]
Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information. [CVSS 7.5 HIGH]
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 7.5 HIGH]
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. [CVSS 7.5 HIGH]
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. [CVSS 7.5 HIGH]
Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive database information. [CVSS 7.5 HIGH]
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. [CVSS 7.5 HIGH]
Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows unauthenticated attackers to overflow a buffer via the remark parameter in the /goform/ConfigExceptMSN endpoint. Public exploit code is available and no patch has been released, creating immediate risk for exposed devices.
Remote code execution in Vaelsys 4.1.0 allows unauthenticated attackers to execute arbitrary OS commands via malicious xajaxargs parameters sent to the /tree/tree_server.php endpoint. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. This network-accessible flaw poses immediate risk to exposed Vaelsys installations.
Remote code execution in Tosei Online Store Management System 1.01 allows unauthenticated attackers to execute arbitrary OS commands through the DevId parameter in /cgi-bin/monitor.php. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. The attack requires no user interaction and is exploitable over the network.
Improper access control in SourceCodester Student Result Management System 1.0 allows unauthenticated remote attackers to manipulate the SMTP configuration through the update_smtp.php endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations running vulnerable PHP-based installations face potential compromise of email settings and system integrity.
SQL injection in Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the test_id parameter in the student results view functionality, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.
Funadmin versions up to 7.1.0 contains a vulnerability that allows attackers to improper authorization (CVSS 7.3).
Unauthenticated remote attackers can execute arbitrary commands on dst-admin versions up to 1.5.0 by manipulating the Name parameter in the revertBackup function at /home/restore endpoint. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early notification.
Path traversal in Dromara UJCMS 101.2 Template Handler allows authenticated remote attackers to manipulate the deleteDirectory function and access files outside intended directories. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification. The attack requires valid credentials but can be executed remotely with minimal complexity.
The deleteBackup function in Dst Admin up to version 1.5.0 contains an improper resource handling flaw that permits authenticated remote attackers to trigger denial of service conditions. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but no user interaction, making it actionable in environments where access controls are weak.
Server-side request forgery in JeecgBoot 3.9.0's /sys/common/uploadImgByHttp endpoint allows authenticated attackers to manipulate the fileUrl parameter and make arbitrary HTTP requests from the vulnerable server. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. [CVSS 3.5 LOW]
A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. [CVSS 3.5 LOW]
Funadmin up to version 7.1.0-rc4 contains an unsafe deserialization vulnerability in the AuthCloudService.php getMember function that allows authenticated remote attackers to manipulate the cloud_account parameter and execute arbitrary code. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. [CVSS 2.4 LOW]
A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. [CVSS 2.4 LOW]
A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. [CVSS 2.4 LOW]
A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. [CVSS 2.4 LOW]
A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. [CVSS 2.4 LOW]
Out-of-bounds write in the URL handler of Zaher1307's tiny_web_server allows remote attackers to achieve code execution, information disclosure, or denial of service without authentication. Public exploit code exists for this vulnerability, and the maintainers have not yet released a patch despite early notification. Users of tiny_web_server should implement network segmentation or disable this service until a fix becomes available.