| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter. |
| Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function |
| D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. |
| Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored. |
| There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload |
| There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload |
| There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution |
| Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971 |
| Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin. |
| FUDforum 3.1.1 is vulnerable to Stored XSS. |
| Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store. |
| Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission. |
| Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission. |
| Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. |
| Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via /mhds/clinic/view_details.php. |
| Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. |
| Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via cmdcategory. |
| bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. |
| dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del. |
| ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. |