CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
Online Hospital Management System SQL Injection Vulnerability
A SQL injection vulnerability has been identified in the Online Hospital Management System version 1.php. The issue arises in the login_user function within the login_1.php file, where the 'username' parameter is manipulated and directly inserted into a SQL query without proper sanitization. This flaw allows remote attackers to execute unauthorized SQL commands, potentially bypassing authentication and accessing sensitive data from the database.
D-Link DI-8400 Stack-Based Buffer Overflow Vulnerability in dbsrv.asp
A stack-based buffer overflow vulnerability has been identified in the D-Link DI-8400 router, affecting firmware versions through 16.07.26A1. The vulnerability arises in an unknown function of the file dbsrv.asp, where improper handling of the str argument allows for remote exploitation. The issue has been made public, and the initial research advisory notes conflicting parameter names regarding the vulnerability.
Metasoft MetaCRM Unrestricted File Upload Vulnerability
A vulnerability allowing unauthorized file uploads has been identified in Metasoft MetaCRM version 6.4.0. The issue arises in an unknown function of the file develop/systparam/softlogo/upload.jsp, where unrestricted file upload capabilities are present. This vulnerability can be exploited remotely.
OFCMS SQL Injection Vulnerability in SysUserController
A SQL injection vulnerability has been identified in OFCMS version 1.1.3. The issue resides in the JSON Query Interface, specifically within the SysUserController component. The vulnerability is triggered by the Query function in the file 'SysUserController.java', where the 'field' parameter is improperly validated. This flaw allows attackers to manipulate SQL queries by injecting complex expressions, including nested subqueries and Boolean logic, into the 'ORDER BY' clause. The vulnerability can be exploited remotely, and public exploit details are available.
OFCMS SQL Injection Vulnerability in JSON Query Interface
A SQL injection vulnerability has been identified in OFCMS version 1.1.3 within the JSON Query Interface. The issue arises in the SystemParamController component, specifically in the Query function of the file located at 'ofcms-admin/src/main/java/com/ofsoft/cms/admin/controller/system/SystemParamController.java'. The vulnerability allows remote attackers to manipulate the 'field' parameter, which is improperly validated and directly appended to the 'ORDER BY' clause of the SQL query. This flaw enables blind SQL injection by crafting complex SQL expressions, including nested subqueries and Boolean logic.
OFCMS SQL Injection Vulnerability in System Dictionary Controller
A SQL injection vulnerability has been identified in OFCMS version 1.1.3. The issue resides in the JSON Query Interface, specifically within the SystemDictController component. The vulnerability is triggered by the Query function, where the 'field' parameter is improperly validated. This flaw allows remote attackers to manipulate SQL queries by injecting complex SQL expressions, including nested subqueries and Boolean logic, into the 'ORDER BY' clause. The vulnerability has been publicly disclosed and is exploitable.
Assimp Divide-By-Zero Vulnerability in FBX Exporter UV Channel Handling
A divide-by-zero vulnerability has been identified in Assimp versions prior to 6.0.4. The issue arises in the FBXExporter::WriteObjects function within FBXExporter.cpp, specifically when handling UV channels. If a UV channel exists but has zero components, the exporter attempts to divide by zero, leading to a crash. This vulnerability can be exploited locally.
Assimp Heap-Based Buffer Overflow Vulnerability in glTF Matrix Parser
A heap-based buffer overflow vulnerability has been identified in Assimp versions prior to 6.0.4. The issue arises in the glTFCommon::CopyValue function within glTFCommon.h, specifically when the 4x4 Matrix Parser processes a corrupted or malicious GLTF file. The vulnerability occurs because the parser allocates only 1 byte of memory but attempts to read 64 bytes (equivalent to 16 float values for a 4x4 matrix) without proper boundary checks. This out-of-bounds read not only causes a crash but could also be exploited to leak sensitive memory information.
Assimp Null Pointer Dereference Vulnerability in glTF2 Importer
A null pointer dereference vulnerability has been identified in Assimp versions prior to 6.0.4. The issue arises in the glTF2 importer, specifically within the LazyDict function of glTF2Asset.h. The vulnerability occurs when the importer accesses animation channels that reference non-existent nodes, leading to a crash. This flaw can be exploited locally, and a public exploit is available.
Assimp glTF Importer Null Pointer Dereference Vulnerability
A null pointer dereference vulnerability has been identified in Assimp versions through 6.0.4, specifically within the glTF importer component. The issue arises in the 'ImportMeshes' function of 'glTFImporter.cpp', where the 'ExtractData()' return value is not properly checked. This oversight allows a null pointer to be dereferenced, leading to a crash. The vulnerability requires local execution to exploit.
OTRS Improper Default Configuration in Ticket Article Forwarding Allowing Unintended Information Exposure
A vulnerability in OTRS version 2026.3.1 arises from an improper default configuration that automatically applies the 'Is visible for customer' flag to ticket article forwarding actions. This default setting prevents users from disabling the flag through the user interface, resulting in the unintended disclosure of internal ticket information to the External Frontend.
Assimp Null Pointer Dereference Vulnerability in glTF2 Importer
A null pointer dereference vulnerability has been identified in Assimp versions prior to 6.0.4. The issue arises in the glTF2Importer::ImportEmbeddedTextures function within the file code/AssetLib/glTF2/glTF2Importer.cpp. This vulnerability occurs when the importer processes glTF files with malformed mimeType values, leading to an invalid memory read and causing the application to crash. The root cause is pointer arithmetic performed on the result of strchr, without checking for NULL. When the mimeType lacks a '/', strchr returns NULL, and the subsequent dereference leads to a crash.
Sereal Decoder Heap Out-of-Bounds Read Vulnerability via Crafted COPY Tags
A heap out-of-bounds read vulnerability has been identified in Sereal::Decoder versions prior to 5.005 for Perl. The issue arises in the decoding of COPY tags, which are back-references that can be manipulated to read beyond the intended buffer limits. Specifically, when a COPY tag points to a SHORT_BINARY pattern, the decoder can be tricked into reading up to 31 bytes from the heap, potentially leading to the disclosure of sensitive information or memory corruption.
OFCMS SQL Injection Vulnerability in ComnController Component
A SQL injection vulnerability has been identified in OFCMS versions through 1.1.3. The issue resides in the ComnController component, specifically within the Query function of the file 'ComnController.java'. The vulnerability arises from inadequate validation of the 'system.user.query' parameter, allowing attackers to manipulate SQL queries by injecting complex SQL expressions. This flaw can be exploited remotely, and public exploit details are available.
Tenda W12 Stack-Based Buffer Overflow Vulnerability in set_local_time_0 Function
A stack-based buffer overflow vulnerability has been identified in the Tenda W12 router, specifically in version 3.0.0.7(4763). The issue arises in the set_local_time_0 function within the /bin/httpd file, where improper handling of the Time argument allows for remote exploitation.
Tenda W12 Stack-Based Buffer Overflow Vulnerability in cgiWifiMacFilterSet Function
A stack-based buffer overflow vulnerability has been identified in the Tenda W12 router, specifically in version 3.0.0.7(4763). The issue arises in the cgiWifiMacFilterSet function within the /bin/httpd file, where improper handling of the wifiMacFilterSet.macList.mac argument creates the potential for remote exploitation.
Tenda W12 Web Management Interface Denial-of-Service Vulnerability
A denial-of-service vulnerability has been identified in the Tenda W12 router, specifically in version 3.0.0.7(4763). The issue arises in the Web Management Interface, within the function 'cgiSysWebTimeoutSet' of the '/bin/httpd' file. The vulnerability allows for remote exploitation by manipulating the 'web_over_time' argument, leading to a service disruption.
Tenda W12 Stack-Based Buffer Overflow Vulnerability in cgiSysTimeInfoSet Function
A stack-based buffer overflow vulnerability has been identified in the Tenda W12 router, specifically in version 3.0.0.7(4763). The issue arises in the cgiSysTimeInfoSet function within the /bin/httpd file, where improper handling of the 'sec' argument allows for remote exploitation.
Tenda W12 Stack-Based Buffer Overflow Vulnerability in cgistaKickOff Function
A stack-based buffer overflow vulnerability has been identified in the Tenda W12 router, specifically in version 3.0.0.7(4763). The issue arises in the cgistaKickOff function within the /bin/httpd file, where improper handling of the staMac argument can be exploited remotely.
Totolink N300RH Stack-Based Buffer Overflow Vulnerability in Web Management Interface
A stack-based buffer overflow vulnerability has been identified in the Totolink N300RH router, specifically in version 6.1c.1353_B20190305. The issue arises in the Web Management Interface, within the function setWiFiBasicConfig of the file wireless.so. This vulnerability can be exploited remotely by manipulating the KeyStr argument.
Online Hospital Management System SQL Injection Vulnerability in patient.php
A SQL injection vulnerability has been identified in the Online Hospital Management System version 1.0. The issue resides in the patient.php file, where the editid parameter is manipulated, allowing for SQL injection. This vulnerability can be exploited remotely by unauthenticated users, as the file does not implement any authentication checks before processing the editid parameter. Exploitation could lead to unauthorized access to and manipulation of patient records, authentication bypass, or extraction of sensitive database information, including admin credentials.
SourceCodester Hospitals Patient Records Management System SQL Injection Vulnerability
A SQL injection vulnerability has been identified in SourceCodester Hospitals Patient Records Management System version 1.0. The issue arises in the file '/classes/Users.php?f=save', where the 'id' parameter is not properly validated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, leading to unauthorized database access, data manipulation, and potential leakage of sensitive information.
SourceCodester Hospitals Patient Records Management System SQL Injection Vulnerability
A SQL injection vulnerability has been identified in SourceCodester Hospitals Patient Records Management System version 1.0. The issue arises in the '/classes/Users.php?f=delete' file, where the 'id' parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, potentially leading to unauthorized database access, data manipulation, and leakage of sensitive information.
TRENDnet TEW-432BRP Stack-Based Buffer Overflow Vulnerability
A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formWlanSetup' function of the 'boa' binary, where the 'enrollee' parameter is not properly validated before being copied to a local variable on the stack. This lack of input validation allows for arbitrary code execution by overwriting the function's return address. The vulnerability can be exploited remotely, and a public proof of concept is available.
TRENDnet TEW-432BRP Command Injection Vulnerability Allowing Remote Code Execution
A command injection vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formWlanSetup' function of the '/goform/formWlanSetup' file, where the 'enrollee' argument can be manipulated to execute arbitrary commands on the operating system. This vulnerability can be exploited remotely.
OpenCATS SQL Injection Vulnerability in DataGrid Filter Handling for Non-Filterable Tags Column
A SQL injection vulnerability has been identified in OpenCATS versions 0.9.1a and later. The issue arises in the DataGrid filter handling for the Candidates 'Tags' column, which is designated as non-filterable. Despite this restriction, authenticated attackers can manipulate filter requests to inject SQL, executing arbitrary queries against the database. The vulnerability exploits the server-side filter processing, which accepts crafted input for columns that should not be filterable.
OpenCATS SQL Injection Vulnerability in DataGrid Component
A SQL injection vulnerability has been identified in OpenCATS versions through 0.9.7.4. The issue resides in the DataGrid component, specifically within the sortDirection parameter, which is improperly validated and concatenated directly into SQL queries. This vulnerability allows authenticated users to perform time-based blind injection attacks, extracting sensitive database information. The injection occurs via the sortDirection parameter in ajax/getDataGridPager.php.
TRENDnet TEW-432BRP Stack-Based Buffer Overflow Vulnerability
A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formSysCmd' function within the 'boa' binary, where the 'submit-url' parameter is not properly validated before being copied to a local variable on the stack. This oversight allows attackers to send overly long 'submit-url' values, overwriting the function's return address and potentially executing arbitrary code. The vulnerability can be exploited remotely and crashes the router, which then fails to provide services correctly or persistently.
TRENDnet TEW-432BRP Command Injection Vulnerability Allowing Remote Code Execution
A command injection vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formSysCmd' function of the '/goform/formSysCmd' file, where the 'sysCmd' argument can be manipulated to execute arbitrary commands on the operating system. This vulnerability can be exploited remotely.
TRENDnet TEW-432BRP Stack-Based Buffer Overflow Vulnerability in WLAN Encryption Form
A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formSetWlanEncrypt' function, where the 'webpage' parameter is not properly validated before being copied to a local variable on the stack. This oversight allows for the return address to be overwritten, potentially leading to arbitrary code execution. The vulnerability can be exploited remotely, and although a proof of concept is available, the product has been end-of-life since 2009, with no support or fixes provided by the vendor.
Code-Projects Online Music Site SQL Injection Vulnerability in AdminEditAlbum.php
A SQL injection vulnerability exists in Code-Projects Online Music Site version 1.0, specifically within the AdminEditAlbum.php file. The issue arises because the 'id' parameter is manipulated and directly incorporated into SQL queries without adequate sanitization or validation. This flaw allows remote attackers to inject malicious SQL code, potentially leading to unauthorized database access, data manipulation, and in some cases, complete system control.
Aider-AI Aider Server-Side Request Forgery Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in Aider-AI Aider version 0.86.3. The issue arises in the 'api_docs.py' file within the 'AWS EC2 Metadata Endpoint' component. The vulnerability allows remote exploitation by manipulating the 'requests.get' function to access internal metadata URLs, potentially exposing sensitive information such as credentials. This behavior was observed during a manual retest, where Aider's built-in scraping path attempted to access a cloud metadata endpoint without any private-IP filtering or warning to the user.
Aider-AI Aider SQL Injection Vulnerability in Code Generation Workflow
A SQL injection vulnerability has been identified in Aider-AI Aider version 0.86.3. The issue arises within the Code Generation Workflow component, where an attacker can manipulate the application's handling of SQL queries. Initially, Aider generated safe, parameterized SQL queries. However, after accepting attacker-supplied guidance that promoted unsafe string formatting, Aider replaced the secure queries with vulnerable ones that could be exploited for SQL injection. This malicious coding standard was then applied to a new login function, further propagating the vulnerability.
Aider-AI Aider Code Injection Vulnerability in Architect Mode
A code injection vulnerability has been identified in Aider-AI Aider version 0.86.3, specifically within the Architect Mode. The issue arises in the function 'editor_coder.run' located in 'auth.py'. This vulnerability allows for remote exploitation, where an attacker can inject malicious code that is executed within the application. The injected code can be crafted to, for example, read sensitive files like '.env' and send their contents to an external server.
Aider-AI Aider Pre-commit Hook Bypass Vulnerability
A vulnerability exists in Aider-AI Aider version 0.86.3, where the application bypasses Git pre-commit hooks by default. This is due to the 'git-commit-verify' option being set to 'False', which allows Aider to append '--no-verify' to Git commit commands. As a result, pre-commit hooks that enforce security policies or block certain patterns can be easily circumvented. The issue can be exploited remotely, and a public exploit is available.
Orthanc Explorer Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Orthanc Explorer versions 2.0.0 up to 1.12.0. The issue arises in the URL Handler component, specifically within the 'WebApplication/src/components/StudyList.vue' file. The vulnerability is triggered by the 'remote-source' URL query parameter, which is processed without proper sanitization. This unsanitized input is then injected into a Vue-i18n translation string and rendered as HTML, allowing an attacker to execute arbitrary JavaScript in the context of the user's browser session.
Bdtask Multi-Store Inventory Management System Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Bdtask Multi-Store Inventory Management System version 1.0. The issue arises in the module upload feature within the file 'application/modules/dashboard/controllers/Module.php'. The vulnerability allows authenticated admin users to upload ZIP files, which are then extracted into the 'application/modules/' directory. When the 'Add Module' view is accessed, the application executes an included PHP file from the uploaded ZIP without proper validation, enabling the execution of arbitrary PHP code on the server.
Code-Projects Online Music Site SQL Injection Vulnerability in AdminUpdateAlbum.php
A SQL injection vulnerability exists in Code-Projects Online Music Site version 1.0, specifically within the AdminUpdateAlbum.php file. The issue arises because the 'id' parameter is manipulated and directly used in SQL queries without proper validation or sanitization. This vulnerability can be exploited remotely, allowing attackers to inject malicious SQL code, potentially leading to unauthorized database access, data manipulation, and execution of malicious operations on the server.
Visitor Management System SQL Injection Leading to Remote Code Execution Vulnerability
A critical vulnerability has been identified in the Visitor Management System version 1.0, available on code-projects.org. The issue arises from an SQL injection flaw in the file 'pass.php', specifically through the 'phone' POST parameter. This vulnerability allows attackers to manipulate the SQL query, potentially leading to unauthorized data access or modification. Exploitation of this SQL injection is possible remotely and can be chained with an unrestricted file upload vulnerability in 'admin_user_0.php', ultimately allowing for remote code execution on the server.
OUSL Group BrinaryBrains School Student Management System Forgot Password Endpoint Weak Password Recovery Vulnerability
A vulnerability exists in the OUSL Group BrinaryBrains School Student Management System in versions prior to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. The issue is located in the 'Forgot Password' endpoint within the 'application/controllers/Login.php' file. The vulnerability allows for weak password recovery by manipulating the 'email' argument. This flaw can be exploited remotely and is characterized by high complexity, making exploitation difficult.
OUSL Group BrinaryBrains School Student Management System Insecure Direct Object Reference Vulnerability
An insecure direct object reference vulnerability has been identified in the OUSL Group BrinaryBrains School Student Management System, affecting versions up to commit 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. The vulnerability resides in the 'marks' function of the 'Parents' controller, specifically within the 'application/controllers/Parents.php' file. The issue arises because the function accepts a student ID directly from the URL without proper authorization checks, allowing logged-in parents to access the academic information of students who are not their own. This vulnerability can be exploited remotely.
OUSL Group BrinaryBrains School Student Management System Authentication Bypass Vulnerability
A vulnerability allowing authentication bypass has been identified in OUSL Group BrinaryBrains School Student Management System versions prior to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. The issue arises in the Login controller, specifically within the sign_auth_cookie function of the MY_Controller component. The vulnerability allows remote attackers to manipulate the 'role' argument, forge a valid 'school_auth' cookie, and bypass authentication, gaining unauthorized access to user accounts without needing passwords.
Advanced Custom Fields Authorization Bypass Vulnerability Allowing Unauthenticated Post Modification
A vulnerability exists in the Advanced Custom Fields (ACF) plugin for WordPress, affecting all versions up to and including 6.8.1. The issue stems from the plugin's failure to properly verify user authorization, allowing unauthenticated attackers to overwrite the post title and content of any post linked to a publicly accessible ACF form. This is achieved by injecting values into the '_post_title' and '_post_content' parameters of the form submission request.
Edimax BR-6478AC Command Injection Vulnerability in POST Request Handler
A command injection vulnerability has been identified in the Edimax BR-6478AC router, specifically in version 1.23. The issue arises in the POST request handler, within the 'formWlbasic' function. The vulnerability is triggered by manipulating the 'rootAPmac' argument, allowing remote attackers to execute arbitrary commands on the device.
Edimax BR-6478AC Stack-Based Buffer Overflow Vulnerability in POST Request Handler
A stack-based buffer overflow vulnerability has been identified in the Edimax BR-6478AC router, specifically in version 1.23. The issue arises in the POST request handler, within the function 'formWanTcpipSetup'. The vulnerability can be exploited remotely by manipulating the 'pppUserName' argument. Publicly available exploits may be used to take advantage of this vulnerability.
Edimax BR-6478AC Buffer Overflow Vulnerability in POST Request Handler
A buffer overflow vulnerability has been identified in the Edimax BR-6478AC router, specifically in version 1.23. The issue arises in the POST request handler, within the 'formUSBFolder' function. The vulnerability can be exploited remotely by manipulating the 'ShareName' or 'SelectName' arguments.
Edimax BR-6478AC Buffer Overflow Vulnerability in POST Request Handler
A buffer overflow vulnerability has been identified in the Edimax BR-6478AC router, specifically in version 1.23. The issue arises in the POST request handler, within the 'formUSBAccount' function of the '/goform/formUSBAccount' file. The vulnerability can be exploited remotely by manipulating the 'UserName' and 'Password' arguments.
TRENDnet TEW-432BRP Stack-Based Buffer Overflow Vulnerability in Password Management Function
A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formSetPassword' function within the 'boa' binary, where the 'webpage' parameter is not properly validated before being copied to a local variable on the stack. This lack of input validation allows for excessive data to overwrite the return address, potentially leading to arbitrary code execution. The vulnerability can be exploited remotely, causing the router to crash and disrupt its normal service.
TRENDnet TEW-432BRP Stack-Based Buffer Overflow Vulnerability Allowing Remote Code Execution
A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formResetStatistic' function within the 'boa' binary, where the 'webpage' parameter is not properly validated before being copied to a local variable on the stack. This oversight allows for the return address to be overwritten, potentially leading to arbitrary code execution. The vulnerability can be exploited remotely, causing the router to crash and fail to provide services correctly.
TRENDnet TEW-432BRP Stack-Based Buffer Overflow Vulnerability in the Enable Wizard Function
A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formSetEnableWizard' function, where the 'webpage' parameter is not properly validated before being copied to a local variable on the stack. This lack of input validation allows for excessive data to overwrite the return address, potentially leading to arbitrary code execution. The vulnerability can be exploited remotely, causing the router to crash and disrupt its normal service.
