Remote code execution in Tenda F453 firmware versions 1.0.0.3 and earlier results from a buffer overflow in the httpd component's DHCP configuration handler. An authenticated attacker can exploit this vulnerability over the network to achieve complete system compromise, and public exploit code is currently available.
Buffer overflow in Tenda F453 firmware versions 1.0.0.3 allows authenticated remote attackers to achieve full system compromise through malicious wanmode or PPPOEPassword parameters sent to the httpd service. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker can exploit this to execute arbitrary code with complete control over confidentiality, integrity, and availability of affected devices.
Remote code execution in Tenda F453 Firmware 1.0.0.3 allows authenticated attackers to execute arbitrary code via a buffer overflow in the L7Im web interface parameter handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can achieve complete system compromise including data theft, modification, and service disruption.
Remote code execution in Tenda F453 1.0.0.3 DNS firmware via a buffer overflow in the /goform/SetIpBind endpoint allows authenticated attackers to achieve full system compromise. The vulnerability stems from improper input validation of the page parameter and has public exploit code available. An attacker with network access and valid credentials can execute arbitrary code with complete system privileges.
Remote code execution in Tenda F453 Firmware 1.0.0.3 allows authenticated attackers to achieve complete system compromise through a buffer overflow in the QoS settings parameter. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.
Buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve complete system compromise through manipulation of the SafeUrlFilter page parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges.
A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloud_wav.cpp of the component WAV File Parser. [CVSS 3.3 LOW]
A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. [CVSS 3.3 LOW]
A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. [CVSS 3.3 LOW]
A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. [CVSS 3.3 LOW]
A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. [CVSS 3.3 LOW]
A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of the component Error Reporting. [CVSS 3.3 LOW]
A vulnerability has been found in wren-lang wren up to 0.4.0. Affected by this issue is the function getByteCountForArguments of the file src/vm/wren_compiler.c. [CVSS 3.3 LOW]
A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. [CVSS 3.3 LOW]
A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. [CVSS 3.3 LOW]
Maxsite Cms versions up to 109.1. contains a vulnerability that allows attackers to code injection (CVSS 7.3).
A security vulnerability has been detected in jarikomppa soloud versions up to 20200207. is affected by buffer overflow (CVSS 3.3).
A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. [CVSS 3.3 LOW]
A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript/language/chaiscript_eval.hpp. [CVSS 3.3 LOW]
A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispatchkit/boxed_number.hpp. [CVSS 3.3 LOW]