Search Results (363422 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-29332 1 Dlink 2 Dir-825, Dir-825 Firmware 2024-11-21 6.5 Medium
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server.
CVE-2022-29330 1 Vitalpbx 1 Vitalpbx 2024-11-21 4.9 Medium
Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.
CVE-2022-29329 1 Dlink 2 Dap-1330, Dap-1330 Firmware 2024-11-21 9.8 Critical
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings.
CVE-2022-29328 1 Dlink 2 Dap-1330, Dap-1330 Firmware 2024-11-21 9.8 Critical
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade.
CVE-2022-29327 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel.
CVE-2022-29326 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.
CVE-2022-29325 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.
CVE-2022-29324 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.
CVE-2022-29323 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment.
CVE-2022-29322 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip.
CVE-2022-29321 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan.
CVE-2022-29320 1 Minitool 1 Partition Wizard 2024-11-21 7.8 High
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-29318 1 Car Rental Management System Project 1 Car Rental Management System 2024-11-21 7.2 High
An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-29317 1 Simple Bus Ticket Booking System Project 1 Simple Bus Ticket Booking System 2024-11-21 9.8 Critical
Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php.
CVE-2022-29316 1 Complete Online Job Search System Project 1 Complete Online Job Search System 2024-11-21 9.8 Critical
Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch.
CVE-2022-29315 1 Invicti 1 Acunetix 2024-11-21 8.8 High
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used.
CVE-2022-29307 1 Ionizecms 1 Ionize 2024-11-21 9.8 Critical
IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php.
CVE-2022-29306 1 Ionizecms 1 Ionize 2024-11-21 9.8 Critical
IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php.
CVE-2022-29305 1 Imgurl Project 1 Imgurl 2024-11-21 8.1 High
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost.
CVE-2022-29304 1 Online Sports Complex Booking System Project 1 Online Sports Complex Booking System 2024-11-21 8.8 High
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility.