Stack-based buffer overflow in Tenda HG9 firmware's pingAddr parameter allows unauthenticated remote attackers to achieve code execution through the /boaform/formPing6 endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw carries high severity with complete compromise potential across confidentiality, integrity, and availability.
Stack-based buffer overflow in the Diagnostic Ping Endpoint of Tenda HG9 firmware allows unauthenticated remote attackers to achieve code execution by supplying a malicious pingAddr parameter. The vulnerability exists in the /boaform/formPing component and is exploitable over the network with low complexity. Public exploit code exists and no patch is currently available.
Stack-based buffer overflow in Tenda HG9 firmware's loopback detection endpoint allows remote attackers with valid credentials to achieve complete system compromise through manipulation of the Ethtype parameter. Public exploit code exists for this vulnerability, creating immediate risk in deployed environments. No patch is currently available.
Remote code execution in Tenda HG9 firmware via stack buffer overflow in the GPON configuration endpoint allows authenticated attackers to achieve full system compromise through manipulation of LOID parameters. Public exploit code exists for this vulnerability, increasing the risk of active exploitation in deployed devices. No patch is currently available, making network segmentation and access controls critical for mitigation.
Remote code execution in Tenda HG9 firmware via stack buffer overflow in the Samba configuration endpoint allows authenticated attackers to achieve complete system compromise through manipulation of the sambaCap parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
Stack buffer overflow in Tenda HG9 firmware's wireless configuration endpoint allows authenticated remote attackers to achieve arbitrary code execution through a malicious SSID parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The vulnerability affects the /boaform/formWlanSetup component and currently has no available patch.
Buffer overflow in Tenda FH451 firmware versions up to 1.0.0.9 allows authenticated remote attackers to achieve code execution through crafted requests to the /goform/GstDhcpSetSer endpoint. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all affected devices at risk.
Unauthenticated remote attackers can achieve complete system compromise through a buffer overflow in the UTT HiPER 810G firmware's /goform/ConfigExceptAli endpoint via unsafe string handling. Public exploit code is available for this vulnerability, increasing exploitation risk for unpatched devices. The flaw requires only network access and affects firmware version 1.7.7-171114 with no patch currently available.
Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the wireless access control endpoint. Public exploit code exists for this vulnerability, and no patch is currently available.
Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve code execution by manipulating the submit-url parameter in the Operation Mode Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this flaw to fully compromise affected devices.
Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the LTE Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this flaw to achieve complete system compromise including confidentiality, integrity, and availability breaches.
Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve complete system compromise through manipulation of the submit-url parameter in the Bridge VLAN Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges.
Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) WLAN encryption configuration endpoint allows authenticated remote attackers to execute arbitrary code with high integrity and confidentiality impact. The vulnerability exists in the submit-url parameter handling within the /boafrm/formWlEncrypt component and has public exploit code available. No patch is currently available for this vulnerability.
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. [CVSS 8.2 HIGH]
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. [CVSS 8.2 HIGH]
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. [CVSS 8.2 HIGH]
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. [CVSS 8.2 HIGH]
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. [CVSS 8.2 HIGH]
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. [CVSS 8.2 HIGH]
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. [CVSS 8.2 HIGH]
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. [CVSS 8.2 HIGH]
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. [CVSS 7.5 HIGH]
Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information. [CVSS 7.5 HIGH]
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 7.5 HIGH]
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. [CVSS 7.5 HIGH]
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. [CVSS 7.5 HIGH]
Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive database information. [CVSS 7.5 HIGH]
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. [CVSS 7.5 HIGH]
Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows unauthenticated attackers to overflow a buffer via the remark parameter in the /goform/ConfigExceptMSN endpoint. Public exploit code is available and no patch has been released, creating immediate risk for exposed devices.