Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4015 | 1 Sports Club Management System Project | 1 Sports Club Management System | 2023-12-28 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin/make_payments.php. The manipulation of the argument m_id/plan leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213789 was assigned to this vulnerability. | |||||
| CVE-2022-40981 | 1 Etictelecom | 14 Ras-c-100-lw, Ras-e-100, Ras-e-220 and 11 more | 2023-12-28 | N/A | 10.0 CRITICAL |
| All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device. | |||||
| CVE-2021-22962 | 1 Ivanti | 1 Avalanche | 2023-12-28 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | |||||
| CVE-2022-3729 | 1 Ehoney Project | 1 Ehoney | 2023-12-28 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212411. | |||||
| CVE-2022-3714 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2023-12-28 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Affected is an unknown function of the file admin/?page=orders/view_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-212346 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-43870 | 1 Paxton-access | 1 Net2 | 2023-12-28 | N/A | 9.8 CRITICAL |
| When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content. | |||||
| CVE-2023-6306 | 1 Mayurik | 1 Free And Open Source Inventory Management System | 2023-12-28 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Affected is an unknown function of the file /ample/app/ajax/member_data.php. The manipulation of the argument columns leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246132. | |||||
| CVE-2023-6305 | 1 Mayurik | 1 Free And Open Source Inventory Management System | 2023-12-28 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file ample/app/ajax/suppliar_data.php. The manipulation of the argument columns leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246131. | |||||
| CVE-2023-48738 | 1 Portotheme | 1 Functionality | 2023-12-28 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Porto Theme Porto Theme - Functionality.This issue affects Porto Theme - Functionality: from n/a before 2.12.1. | |||||
| CVE-2019-25158 | 1 Pedroetb | 1 Tts-api | 2023-12-28 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 29d9c25415911ea2f8b6de247cb5c4607d13d434. It is recommended to upgrade the affected component. VDB-248278 is the identifier assigned to this vulnerability. | |||||
| CVE-2021-45435 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php. | |||||
| CVE-2023-41615 | 1 Phpgurukul | 1 Zoo Management System | 2023-12-28 | N/A | 9.8 CRITICAL |
| Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields. | |||||
| CVE-2021-26443 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 7.7 HIGH | 9.0 CRITICAL |
| Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | |||||
| CVE-2008-0062 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-28 | 9.3 HIGH | 9.8 CRITICAL |
| KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | |||||
| CVE-2023-3654 | 1 Cashit | 1 Cashit\! | 2023-12-28 | N/A | 9.8 CRITICAL |
| cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to the network. | |||||
| CVE-2023-3656 | 1 Cashit | 1 Cashit\! | 2023-12-28 | N/A | 9.8 CRITICAL |
| cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network. | |||||
| CVE-2022-23125 | 2 Debian, Netatalk | 2 Debian Linux, Netatalk | 2023-12-28 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869. | |||||
| CVE-2023-33222 | 1 Idemia | 16 Morphowave Compact, Morphowave Compact Firmware, Morphowave Sp and 13 more | 2023-12-28 | N/A | 9.8 CRITICAL |
| When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device | |||||
| CVE-2023-27074 | 1 Phpgurukul | 1 Bp Monitoring Management System | 2023-12-28 | N/A | 9.8 CRITICAL |
| BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page. | |||||
| CVE-2023-0562 | 1 Phpgurukul | 1 Bank Locker Management System | 2023-12-28 | N/A | 9.8 CRITICAL |
| A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716. | |||||
| CVE-2023-39551 | 1 Phpgurukul | 1 Online Security Guards Hiring System | 2023-12-28 | N/A | 9.8 CRITICAL |
| PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php. | |||||
| CVE-2023-7058 | 1 Oretnom23 | 1 Simple Student Attendance System | 2023-12-28 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248749 was assigned to this vulnerability. | |||||
| CVE-2023-29384 | 1 Hmplugin | 1 Jobwp | 2023-12-28 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0. | |||||
| CVE-2021-43882 | 1 Microsoft | 1 Defender For Iot | 2023-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2021-42313 | 1 Microsoft | 1 Defender For Iot | 2023-12-28 | 10.0 HIGH | 10.0 CRITICAL |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2021-42311 | 1 Microsoft | 1 Defender For Iot | 2023-12-28 | 10.0 HIGH | 10.0 CRITICAL |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2021-42310 | 1 Microsoft | 1 Defender For Iot | 2023-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2023-51050 | 1 S-cms | 1 S-cms | 2023-12-27 | N/A | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php. | |||||
| CVE-2023-51049 | 1 S-cms | 1 S-cms | 2023-12-27 | N/A | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php. | |||||
| CVE-2023-51048 | 1 S-cms | 1 S-cms | 2023-12-27 | N/A | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php. | |||||
| CVE-2023-51024 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of the cstecgi .cgi. | |||||
| CVE-2023-51023 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi .cgi. | |||||
| CVE-2023-7021 | 1 Tongda2000 | 1 Office Anywhere 2017 | 2023-12-27 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/delete_search.php. The manipulation of the argument VU_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7020 | 1 Tongda2000 | 1 Office Anywhere 2017 | 2023-12-27 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. This issue affects some unknown processing of the file general/wiki/cp/ct/view.php. The manipulation of the argument TEMP_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248567. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-51015 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi .cgi | |||||
| CVE-2023-51014 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter’ of the setLanConfig interface of the cstecgi .cgi | |||||
| CVE-2023-51013 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanNetmask parameter’ of the setLanConfig interface of the cstecgi .cgi. | |||||
| CVE-2023-51012 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter’ of the setLanConfig interface of the cstecgi .cgi. | |||||
| CVE-2023-51011 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanPriDns parameter’ of the setLanConfig interface of the cstecgi .cgi | |||||
| CVE-2023-51027 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. | |||||
| CVE-2023-51026 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi .cgi. | |||||
| CVE-2023-51025 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi. | |||||
| CVE-2023-51020 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi .cgi. | |||||
| CVE-2023-51019 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. | |||||
| CVE-2023-51018 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi. | |||||
| CVE-2023-51017 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter’ of the setLanConfig interface of the cstecgi .cgi. | |||||
| CVE-2023-51022 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi .cgi. | |||||
| CVE-2023-51021 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of the cstecgi .cgi. | |||||
| CVE-2023-51016 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-27 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi .cgi. | |||||
| CVE-2023-7022 | 1 Tongda2000 | 1 Office Anywhere 2017 | 2023-12-27 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/work_plan/manage/delete_all.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||