Vulnerabilites CVE

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected versio...

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1...

The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0....

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is...

The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0....

The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin...

The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is...

The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected ve...

The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected versio...

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected ver...

Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.

The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected versio...

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function.

In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no...

ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execut...

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote ...

SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request.

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode.

Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file.

Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.

A limited SQL injection risk was identified in the "browse list of users" site administration page.

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list

An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled properly.

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and ...

An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice.

A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php.

PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter.

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file in...

RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function.

RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.

RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN.

RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function.

RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.

RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function.

RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function.

ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code.

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.

An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions

Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/.

Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time.

hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter.

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst...

Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi.

A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code.

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.

SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection.