CVE Catalog

A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formSetWlanEncrypt' function, where the 'webpage' parameter is not properly validated before being copied to a local variable on the stack. This oversight allows for the return address to be overwritten, potentially leading to arbitrary code execution. The vulnerability can be exploited remotely, and although a proof of concept is available, the product has been end-of-life since 2009, with no support or fixes provided by the vendor.

A SQL injection vulnerability exists in Code-Projects Online Music Site version 1.0, specifically within the AdminEditAlbum.php file. The issue arises because the 'id' parameter is manipulated and directly incorporated into SQL queries without adequate sanitization or validation. This flaw allows remote attackers to inject malicious SQL code, potentially leading to unauthorized database access, data manipulation, and in some cases, complete system control.

A server-side request forgery (SSRF) vulnerability has been identified in Aider-AI Aider version 0.86.3. The issue arises in the 'api_docs.py' file within the 'AWS EC2 Metadata Endpoint' component. The vulnerability allows remote exploitation by manipulating the 'requests.get' function to access internal metadata URLs, potentially exposing sensitive information such as credentials. This behavior was observed during a manual retest, where Aider's built-in scraping path attempted to access a cloud metadata endpoint without any private-IP filtering or warning to the user.

A SQL injection vulnerability has been identified in Aider-AI Aider version 0.86.3. The issue arises within the Code Generation Workflow component, where an attacker can manipulate the application's handling of SQL queries. Initially, Aider generated safe, parameterized SQL queries. However, after accepting attacker-supplied guidance that promoted unsafe string formatting, Aider replaced the secure queries with vulnerable ones that could be exploited for SQL injection. This malicious coding standard was then applied to a new login function, further propagating the vulnerability.

A code injection vulnerability has been identified in Aider-AI Aider version 0.86.3, specifically within the Architect Mode. The issue arises in the function 'editor_coder.run' located in 'auth.py'. This vulnerability allows for remote exploitation, where an attacker can inject malicious code that is executed within the application. The injected code can be crafted to, for example, read sensitive files like '.env' and send their contents to an external server.

A vulnerability exists in Aider-AI Aider version 0.86.3, where the application bypasses Git pre-commit hooks by default. This is due to the 'git-commit-verify' option being set to 'False', which allows Aider to append '--no-verify' to Git commit commands. As a result, pre-commit hooks that enforce security policies or block certain patterns can be easily circumvented. The issue can be exploited remotely, and a public exploit is available.

A cross-site scripting (XSS) vulnerability has been identified in Orthanc Explorer versions 2.0.0 up to 1.12.0. The issue arises in the URL Handler component, specifically within the 'WebApplication/src/components/StudyList.vue' file. The vulnerability is triggered by the 'remote-source' URL query parameter, which is processed without proper sanitization. This unsanitized input is then injected into a Vue-i18n translation string and rendered as HTML, allowing an attacker to execute arbitrary JavaScript in the context of the user's browser session.

A remote code execution vulnerability exists in Bdtask Multi-Store Inventory Management System version 1.0. The issue arises in the module upload feature within the file 'application/modules/dashboard/controllers/Module.php'. The vulnerability allows authenticated admin users to upload ZIP files, which are then extracted into the 'application/modules/' directory. When the 'Add Module' view is accessed, the application executes an included PHP file from the uploaded ZIP without proper validation, enabling the execution of arbitrary PHP code on the server.

A SQL injection vulnerability exists in Code-Projects Online Music Site version 1.0, specifically within the AdminUpdateAlbum.php file. The issue arises because the 'id' parameter is manipulated and directly used in SQL queries without proper validation or sanitization. This vulnerability can be exploited remotely, allowing attackers to inject malicious SQL code, potentially leading to unauthorized database access, data manipulation, and execution of malicious operations on the server.

A critical vulnerability has been identified in the Visitor Management System version 1.0, available on code-projects.org. The issue arises from an SQL injection flaw in the file 'pass.php', specifically through the 'phone' POST parameter. This vulnerability allows attackers to manipulate the SQL query, potentially leading to unauthorized data access or modification. Exploitation of this SQL injection is possible remotely and can be chained with an unrestricted file upload vulnerability in 'admin_user_0.php', ultimately allowing for remote code execution on the server.

A vulnerability exists in the OUSL Group BrinaryBrains School Student Management System in versions prior to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. The issue is located in the 'Forgot Password' endpoint within the 'application/controllers/Login.php' file. The vulnerability allows for weak password recovery by manipulating the 'email' argument. This flaw can be exploited remotely and is characterized by high complexity, making exploitation difficult.

An insecure direct object reference vulnerability has been identified in the OUSL Group BrinaryBrains School Student Management System, affecting versions up to commit 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. The vulnerability resides in the 'marks' function of the 'Parents' controller, specifically within the 'application/controllers/Parents.php' file. The issue arises because the function accepts a student ID directly from the URL without proper authorization checks, allowing logged-in parents to access the academic information of students who are not their own. This vulnerability can be exploited remotely.

A vulnerability allowing authentication bypass has been identified in OUSL Group BrinaryBrains School Student Management System versions prior to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. The issue arises in the Login controller, specifically within the sign_auth_cookie function of the MY_Controller component. The vulnerability allows remote attackers to manipulate the 'role' argument, forge a valid 'school_auth' cookie, and bypass authentication, gaining unauthorized access to user accounts without needing passwords.

A vulnerability exists in the Advanced Custom Fields (ACF) plugin for WordPress, affecting all versions up to and including 6.8.1. The issue stems from the plugin's failure to properly verify user authorization, allowing unauthenticated attackers to overwrite the post title and content of any post linked to a publicly accessible ACF form. This is achieved by injecting values into the '_post_title' and '_post_content' parameters of the form submission request.

A command injection vulnerability has been identified in the Edimax BR-6478AC router, specifically in version 1.23. The issue arises in the POST request handler, within the 'formWlbasic' function. The vulnerability is triggered by manipulating the 'rootAPmac' argument, allowing remote attackers to execute arbitrary commands on the device.

A stack-based buffer overflow vulnerability has been identified in the Edimax BR-6478AC router, specifically in version 1.23. The issue arises in the POST request handler, within the function 'formWanTcpipSetup'. The vulnerability can be exploited remotely by manipulating the 'pppUserName' argument. Publicly available exploits may be used to take advantage of this vulnerability.

A buffer overflow vulnerability has been identified in the Edimax BR-6478AC router, specifically in version 1.23. The issue arises in the POST request handler, within the 'formUSBFolder' function. The vulnerability can be exploited remotely by manipulating the 'ShareName' or 'SelectName' arguments.

A buffer overflow vulnerability has been identified in the Edimax BR-6478AC router, specifically in version 1.23. The issue arises in the POST request handler, within the 'formUSBAccount' function of the '/goform/formUSBAccount' file. The vulnerability can be exploited remotely by manipulating the 'UserName' and 'Password' arguments.

A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formSetPassword' function within the 'boa' binary, where the 'webpage' parameter is not properly validated before being copied to a local variable on the stack. This lack of input validation allows for excessive data to overwrite the return address, potentially leading to arbitrary code execution. The vulnerability can be exploited remotely, causing the router to crash and disrupt its normal service.

A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formResetStatistic' function within the 'boa' binary, where the 'webpage' parameter is not properly validated before being copied to a local variable on the stack. This oversight allows for the return address to be overwritten, potentially leading to arbitrary code execution. The vulnerability can be exploited remotely, causing the router to crash and fail to provide services correctly.

A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formSetEnableWizard' function, where the 'webpage' parameter is not properly validated before being copied to a local variable on the stack. This lack of input validation allows for excessive data to overwrite the return address, potentially leading to arbitrary code execution. The vulnerability can be exploited remotely, causing the router to crash and disrupt its normal service.

A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formSysLog' function within the 'boa' binary, where the 'webpage' parameter is not properly validated before being processed. This lack of input sanitization allows for excessive data to overwrite the function's return address, potentially leading to arbitrary code execution. The vulnerability can be exploited remotely, and a proof-of-concept has been made publicly available. Notably, this product has been end-of-life since 2009, and the vendor has stated that they are unable to address any vulnerabilities for unsupported products.

A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the formPortFw function within the file /goform/formPortFw, where the server_name argument is manipulated, leading to a stack-based buffer overflow. This vulnerability can be exploited remotely, causing the device to crash and fail to provide services correctly. The vendor has stated that this product has been end-of-life since 2009 and is unable to address any vulnerabilities.

A vulnerability exists in Open5GS versions through 2.7.6, specifically within the NGAP PathSwitchRequest Message Handler. The issue arises because the AMF component fails to properly verify the User Equipment (UE) Security Capabilities received in PathSwitchRequest messages against the values stored in its UE context. This flaw allows a malicious gNB to overwrite the AMF's security capability values with arbitrary data, which can disrupt handover procedures and cause denial-of-service for affected UEs.

A denial-of-service vulnerability has been identified in Open5GS versions through 2.7.7. The issue resides in the NF instances endpoint, specifically within the 'handle_amf_info' function of the 'nnrf-handler.c' library. This vulnerability allows for resource exhaustion by manipulating the 'nf_info_pool' argument, leading to increased resource consumption. The issue can be exploited remotely and has been publicly disclosed.

A SQL injection vulnerability exists in Bdtask Multi-Store Inventory Management System version 1.0. The issue is located in the Accounts Report Handler, specifically within the 'accounts_report_search' function of 'application/modules/accounts/controllers/Accounts.php'. The vulnerability arises from the direct interpolation of user input into SQL queries without proper parameterization, allowing remote attackers to manipulate the 'dtpToDate' argument and execute arbitrary SQL commands. This exploitation requires an admin-level account.

An authorization bypass vulnerability has been identified in Dolibarr ERP CRM versions 23.0.0, 23.0.1, and 23.0.2. The issue arises in the messaging.php file, where improper handling of the ID argument allows for unauthorized access. This vulnerability can be exploited remotely.

A cross-site scripting (XSS) vulnerability has been identified in CicadasCMS versions prior to commit 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The issue arises in the search function of the file 'org/springframework/cache/support/AbstractCacheManager.java', where improper handling of the 's' parameter allows for the injection of malicious scripts. This vulnerability can be exploited remotely, and the exploit has been made public.

An access control vulnerability has been identified in TaleLin lin-cms-spring-boot versions through 0.2.1. The issue resides in the BookController component, specifically within the book endpoint. The vulnerability allows remote attackers to create arbitrary books and update existing ones without authorization. This exploitation is possible because the affected methods do not perform any permission checks before accessing the database.

A command injection vulnerability has been identified in the Edimax BR-6478AC router, specifically in version 1.23. The issue arises in the POST request handler, within the 'formStaDrvSetup' function. The vulnerability can be exploited remotely by manipulating the 'rootAPmac' argument, allowing for unauthorized command execution on the device.

A buffer overflow vulnerability has been identified in the Edimax BR-6478AC router, specifically in version 1.23. The issue arises in the POST request handler within the 'formQoS' function, where the 'selSSID' argument can be manipulated, leading to memory corruption. This vulnerability can be exploited remotely, and public exploits are available.

A denial-of-service vulnerability has been identified in the Text::LineFold module for Perl, specifically in versions through 2019.001. The issue arises because the module improperly handles line break characters, leading to unintended duplication of the input string. This mismanagement can cause unexpected resource consumption.

A stack-based buffer overflow vulnerability has been identified in the Edimax BR-6478AC router, specifically in version 1.23. The issue arises in the POST request handler function 'formPPPoESetup', where the 'pppUserName' argument can be manipulated, leading to the overflow. This vulnerability can be exploited remotely, and public exploits are available.

A stack-based buffer overflow vulnerability has been identified in Shibby Tomato versions prior to 1.28, specifically in the Zserv Handler component. The issue arises in the 'rip_zebra_read_ipv4' function within the 'ripd' daemon, which processes zebra routing updates via a local Unix domain socket. The vulnerability allows for remote exploitation by sending a crafted zserv frame that manipulates the prefix length, leading to an out-of-bounds write that overwrites saved registers and the return address.

A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formSetDomainFilter' function within the '/goform/formSetDomainFilter' file. The vulnerability can be exploited remotely by manipulating the 'blocked_domain', 'permitted_domain', 'blocked_domain_list', or 'permitted_domain_list' arguments. The lack of input validation allows for excessive data to overwrite the stack, potentially leading to arbitrary code execution. This vulnerability affects a product that has been end-of-life since 2009 and is no longer supported by the vendor.

A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formSetProtocolFilter' function within the 'boa' binary, where the 'protocol_name' parameter is not properly validated before being copied to a local variable on the stack. This lack of input validation allows for arbitrary code execution by overwriting the function's return address. The vulnerability can be exploited remotely, causing the router to crash and fail to provide services correctly.

A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formSetUrlFilter' function within the '/goform/formSetUrlFilter' file. The vulnerability allows for remote exploitation by manipulating the 'keyword_list' and 'keyword' arguments, leading to arbitrary code execution. This flaw exists in a product that has been end-of-life since 2009, and the vendor has stated that they are unable to replicate or fix any vulnerabilities for unsupported products.

A denial-of-service vulnerability has been identified in WinMTR version 0.91. This issue allows attackers to crash the application by sending a malformed payload file that contains a large buffer of repeated characters. The vulnerability is triggered when the application processes an input file with 238 bytes of data, leading to a buffer overflow condition that causes the application to crash.

An SQL injection vulnerability has been identified in Yot CMS version 3.3.1. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious payloads into the aid and cid parameters. Exploitation of this vulnerability enables attackers to extract database information, including table and column names.

A SQL injection vulnerability has been identified in Gate Pass Management System version 2.1. This vulnerability allows unauthenticated attackers to bypass authentication by injecting SQL code into the login and password parameters. Exploitation involves sending crafted POST requests to the login-exec.php page with SQL injection payloads, enabling attackers to gain access to the application without valid credentials.

A SQL injection vulnerability has been identified in the MOGG Web Simulator Script, all versions. This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious payloads through the 'id' parameter. The exploitation of this vulnerability can lead to the extraction of sensitive database information, including usernames and other personal data. The issue arises in the 'play.php' file, where the application fails to properly sanitize user input before incorporating it into SQL queries.

A path traversal vulnerability has been identified in Open STA Manager version 2.3. This vulnerability allows authenticated users to download arbitrary files by manipulating the file parameter. By sending GET requests to modules/backup/actions.php with the operation set to 'getfile', attackers can traverse directories using '../' sequences to access sensitive system files.

A SQL injection vulnerability has been identified in AiOPMSD Final version 1.0.0. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the 'id' parameter. Exploitation involves sending crafted GET requests to watch.php, which can lead to the extraction of sensitive database information such as usernames, database names, and version details.

A SQL injection vulnerability has been identified in AiOPMSD Final version 1.0.0. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the genre parameter. Exploitation involves sending crafted GET requests to genre.php, which can lead to the extraction of sensitive database information such as usernames, database names, and version details.

A SQL injection vulnerability has been identified in AiOPMSD Final version 1.0.0. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the 'year' parameter. The issue arises in the 'year.php' file, where crafted SQL injections can be used to extract sensitive database information such as usernames, database names, and version details.

A SQL injection vulnerability has been identified in AiOPMSD Final version 1.0.0. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the 'quality' parameter. The issue is present in the 'quality.php' file, where crafted SQL injections can be used to extract sensitive database information such as usernames, database names, and version details.

A SQL injection vulnerability has been identified in AiOPMSD Final version 1.0.0. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the country parameter. The injection can be exploited by sending crafted GET requests to country.php, potentially leading to the extraction of sensitive database information such as usernames, database names, and version details.

A SQL injection vulnerability has been identified in AiOPMSD Final version 1.0.0. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the 'director' parameter. Exploitation involves sending crafted GET requests to 'director.php', which can lead to the extraction of sensitive database information such as usernames, database names, and version details.

A SQL injection vulnerability has been identified in AiOPMSD Final version 1.0.0. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the 'actor' parameter. Exploitation involves sending crafted GET requests to 'actor.php', which can lead to the extraction of sensitive database information such as usernames, database names, and version details.

A SQL injection vulnerability has been identified in AiOPMSD Final version 1.0.0. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the 'q' parameter. Exploitation involves sending crafted GET requests to search.php, which can lead to the extraction of sensitive database information such as usernames, database names, and version details.