Writeup Exploits
64,321 exploits tracked across all sources.
D-Link DNS-320L, DNS-325, DNS-327L, DNS-340L <20240403 - Hard-coded Credentials in nas_sharing.cgi
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVSS 9.8
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L - OS Command Injection via nas_sharing.cgi System Parameter
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVSS 7.3
D-Link DIR-845L Firmware <= 1.01KRb03 - Cross-Site Scripting via bsc_sms_inbox.php
D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php.
CVSS 5.4
D-Link DIR-845L Firmware < 1.01krb03 - OS Command Injection via hnap_main() Function
D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func.
CVSS 7.5
D-LINK DIR-845L <=1.01KRb03 - Information Disclosure via bsc_sms_inbox.php
D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php.
CVSS 5.3
TVS Motor Company Limited TVS Connet <4.5.1, 5.0.0 - Info Disclosure
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
CVSS 7.5
TVS Motor Company Limited TVS Connet <4.5.1, 5.0.0 - Info Disclosure
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
CVSS 7.5
TVS Motor Company Limited TVS Connet <5.0.0 - Privilege Escalation
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
CVSS 9.1
TVS Motor Company Limited TVS Connet <5.0.0 - Privilege Escalation
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
CVSS 9.1
Plasmoapp RPShare Fabric mod 1.0.0 - Remote Code Execution via DownloadPromptScreen Build Method
An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen
CVSS 8.8
Plasmoapp RPShare Fabric mod 1.0.0 - Remote Code Execution via getFileNameFromConnection Path Traversal
Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the getFileNameFromConnection method in DownloadTask
CVSS 8.8
piraeus-operator <= 2.5.0 - Improper Privilege Management via ClusterRole Secrets Access
There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster.
CVSS 7.5
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via event_id Parameter
A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter.
CVSS 9.8
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via add_friends.php friend_index Parameter
SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter.
CVSS 8.6
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via index Parameter
SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter.
CVSS 7.3
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
CVSS 9.8
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via Name Parameter
SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter.
CVSS 9.8
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
CVSS 8.1
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via my_index Parameter
A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter.
CVSS 9.8
stsaz phiola v2.0-rc22 - Heap-based Buffer Overflow via Crafted WAV File
Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.
CVSS 8.8
phiola v2.0-rc22 - Heap-based Buffer Overflow in pcm_convert.h
Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file.
CVSS 7.1
phiola v2.0-rc22 - Remote Code Execution via Crafted WAV File
An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.
CVSS 8.8
phiola v2.0-rc22 - Denial of Service via Crafted WAV File
An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file.
CVSS 6.5
CubeCart < 6.5.5 - Authenticated Arbitrary Code Execution via PHAR File Upload
File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.
CVSS 8.0
onethink 1.1 - SQL Injection via ModelModel.class.php
SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component.
CVSS 9.8
By Source