|
314631
|
7.2 |
HIGH
Network
|
hms-networks
|
ewon_cosy+_firmware
|
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. This is fixed in version 21.2s10 and 22.1s…
|
CWE-78
OS Command
|
CVE-2024-33896
|
2024-09-4 04:02 |
2024-08-3 |
|
314632
|
6.6 |
MEDIUM
Physical
|
hms-networks
|
ewon_cosy+_firmware
|
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is n…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-33895
|
2024-09-4 04:02 |
2024-08-3 |
|
314633
|
9.8 |
CRITICAL
Network
|
arajajyothibabu
|
school_management_system
|
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php.
|
CWE-89
SQL Injection
|
CVE-2024-42568
|
2024-09-4 03:35 |
2024-08-20 |
|
314634
|
7.5 |
HIGH
Network
|
tenda
|
fh1206_firmware
|
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the modino parameter in the fromPptpUserAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) v…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-42987
|
2024-09-4 03:35 |
2024-08-16 |
|
314635
|
9.8 |
CRITICAL
Network
|
tenda
|
fh1206_firmware
|
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request.
|
NVD-CWE-noinfo
|
CVE-2024-42978
|
2024-09-4 03:35 |
2024-08-16 |
|
314636
|
7.5 |
HIGH
Network
|
tenda
|
fh1201_firmware
|
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-42948
|
2024-09-4 03:35 |
2024-08-16 |
|
314637
|
9.6 |
CRITICAL
Network
|
vtiger
|
vtiger_crm
|
A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44778
|
2024-09-4 03:34 |
2024-08-30 |
|
314638
|
9.6 |
CRITICAL
Network
|
vtiger
|
vtiger_crm
|
A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via …
|
CWE-79
Cross-site Scripting
|
CVE-2024-44779
|
2024-09-4 03:33 |
2024-08-30 |
|
314639
|
9.6 |
CRITICAL
Network
|
vtiger
|
vtiger_crm
|
A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injec…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44777
|
2024-09-4 03:33 |
2024-08-30 |
|
314640
|
6.1 |
MEDIUM
Network
|
vtiger
|
vtiger_crm
|
An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL.
|
CWE-601
Open Redirect
|
CVE-2024-44776
|
2024-09-4 03:33 |
2024-08-30 |