|
312431
|
6.1 |
MEDIUM
Network
|
lopalopa
|
responsive_school_management_system
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary …
|
CWE-79
Cross-site Scripting
|
CVE-2024-41241
|
2024-09-4 04:35 |
2024-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312432
|
7.5 |
HIGH
Network
|
hms-networks
|
ewon_cosy\+_firmware
|
Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in vers…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-33892
|
2024-09-4 04:18 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312433
|
7.2 |
HIGH
Network
|
hms-networks
|
ewon_cosy\+_firmware
|
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. This is fixed in version 21.2s10 and 22.1s…
|
CWE-78
OS Command
|
CVE-2024-33896
|
2024-09-4 04:02 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312434
|
6.6 |
MEDIUM
Physics
|
hms-networks
|
ewon_cosy\+_firmware
|
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is n…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-33895
|
2024-09-4 04:02 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312435
|
9.8 |
CRITICAL
Network
|
arajajyothibabu
|
school_management_system
|
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php.
|
CWE-89
SQL Injection
|
CVE-2024-42568
|
2024-09-4 03:35 |
2024-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312436
|
7.5 |
HIGH
Network
|
tenda
|
fh1206_firmware
|
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the modino parameter in the fromPptpUserAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) v…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-42987
|
2024-09-4 03:35 |
2024-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312437
|
9.8 |
CRITICAL
Network
|
tenda
|
fh1206_firmware
|
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request.
|
NVD-CWE-noinfo
|
CVE-2024-42978
|
2024-09-4 03:35 |
2024-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312438
|
7.5 |
HIGH
Network
|
tenda
|
fh1201_firmware
|
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-42948
|
2024-09-4 03:35 |
2024-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312439
|
9.6 |
CRITICAL
Network
|
vtiger
|
vtiger_crm
|
A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44778
|
2024-09-4 03:34 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312440
|
9.6 |
CRITICAL
Network
|
vtiger
|
vtiger_crm
|
A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via …
|
CWE-79
Cross-site Scripting
|
CVE-2024-44779
|
2024-09-4 03:33 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
