Publicly Disclosed
PoC Exploits

A vulnerability has been identified in the Linux kernel's crypto module that potentially affects the integrity of encryption methods. The issue arises from the handling of the ssize parameter during decryption and in-place encryption processes. Specifically, the ssize check was not conducted earl...

The vulnerability arises from mismatched length fields in Zlib compressed protocol headers within MongoDB Server, potentially allowing an unauthenticated client to access uninitialized heap memory. This could lead to unauthorized information exposure, affecting versions of MongoDB Server across m...

The vulnerability in Clinic's Patient Management System version 1.0 allows an attacker to execute arbitrary code remotely. This is achieved through a flaw in the profile picture upload feature located in users.php, which does not adequately validate file uploads. As a result, an attacker can uplo...

The ETAP Safety Manager version 1.0.0.32 is vulnerable to a cross-site scripting (XSS) attack via the 'action' GET parameter. This vulnerability allows unauthenticated attackers to inject and execute malicious HTML and JavaScript in the browsers of users accessing the affected system. By crafting...

Ksenia Security's Lares 4.0 version 1.6 is susceptible to a URL redirection flaw within the 'cmdOk.xml' script. This vulnerability enables attackers to exploit the 'redirectPage' GET parameter, allowing them to generate malicious links. When a user, who is authenticated, clicks on such a link fro...

An unprotected endpoint vulnerability exists in the Ksenia Security Lares 4.0 Home Automation version 1.6. This flaw enables authenticated attackers to upload MPFS File System binary images, which can lead to the overwriting of flash program memory. By exploiting this weakness, attackers may exec...

Anevia Flamingo XL version 3.2.9 contains a vulnerability that exposes users to severe security risks by allowing remote attackers to escape the sandboxed environment via the traceroute command. This flaw can be exploited to inject malicious shell commands, potentially granting attackers full roo...

The Ksenia Security Lares Home Automation version 1.6 is susceptible to a vulnerability that involves default administrative credentials. This weakness permits unauthorized individuals to gain administrative control over the home automation system, potentially leading to significant security brea...

The Akuvox Smart Intercom S539 is affected by an improper access control vulnerability that grants users with 'User' privileges the ability to modify API access settings and configurations. This flaw could enable attackers to escalate their privileges, allowing unauthorized manipulation of the de...

The Akuvox Smart Intercom S539 is exposed to a serious vulnerability that permits unauthorized users to access live video feeds. By sending a request to the video.cgi endpoint on port 8080, attackers can obtain sensitive video stream data without any form of authentication. This flaw compromises ...

Tosibox Key Service version 3.3.0 exhibits an unquoted service path vulnerability, where local users without administrative privileges may exploit this weakness to execute arbitrary code with elevated permissions. This flaw arises from the improper handling of the service startup process, allowin...

The NLB mKlik Macedonia mobile application version 3.3.12 is vulnerable to SQL injection through the international transfer parameters. This flaw allows malicious actors to inject arbitrary SQL commands via unsanitized input, which may lead to unauthorized access and disclosure of sensitive infor...

The Tinycontrol LAN Controller 1.58a is susceptible to an authentication bypass vulnerability that enables unauthorized attackers to change administrative passwords through specially crafted API requests. By exploiting the /stm.cgi endpoint with a malicious authentication parameter, attackers can...

The JM-DATA ONU JF511-TV version 1.0.67 is susceptible to cross-site request forgery (CSRF) attacks. This vulnerability enables malicious actors to execute administrative tasks on behalf of authenticated users without their awareness or approval. Exploitation of this flaw may involve sending craf...

The Anevia Flamingo XL/XS 3.6.20 is susceptible to an authentication bypass vulnerability stemming from the use of weak default administrative credentials. These hard-coded credentials can be easily guessed by attackers, allowing them to gain unauthorized access to the system and exert full contr...

The H3C SSL VPN is susceptible to a user enumeration vulnerability that enables malicious actors to discern valid usernames. By exploiting the 'txtUsrName' parameter in the login_submit.cgi endpoint, attackers can submit various username inputs and analyze the responses returned by the server. Th...

The Fetch FTP Client version 5.8.2 is susceptible to a denial of service vulnerability that enables attackers to cause complete CPU usage by sending lengthy server responses. This can be exploited by delivering specially designed FTP server responses that exceed 2K bytes in size, leading to exces...

SoX version 14.4.2 is susceptible to a denial of service vulnerability triggered by its handling of WAV files. When a specially crafted WAV file is processed, it can lead to a division by zero error, resulting in a floating point exception that crashes the program. This vulnerability highlights t...

The SOUND4 IMPACT/FIRST/PULSE/Eco products version 2.x and below have a vulnerability that allows local authenticated users to exploit a conditional command injection. By leveraging this flaw, attackers can create malicious files in the /tmp directory. Additionally, unauthenticated users can exec...

The SOUND4 IMPACT/FIRST/PULSE/Eco firmware version 2.x and below is vulnerable to a remote code execution attack due to a flaw in its firmware upload functionality. Specifically, the upload.cgi script allows attackers to perform path traversal attacks, enabling potentially malicious files to be u...

The SOUND4 IMPACT/FIRST/PULSE/Eco products including versions up to 2.x are susceptible to an authenticated command injection vulnerability found in the www-data-handler.php script. This flaw allows an attacker to manipulate the 'services' POST parameter to introduce arbitrary system commands, ex...

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier are susceptible to an unauthenticated command injection vulnerability through the 'username' parameter. This weakness allows attackers to exploit the index.php and login.php scripts by injecting arbitrary shell commands via HTTP POST requests...

The SOUND4 IMPACT/FIRST/PULSE/Eco product line, version 2.x and below, is susceptible to a conditional command injection vulnerability. This flaw allows local authenticated users to manipulate the system by creating malicious files within the /tmp directory. Additionally, unauthenticated attacker...

The SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below are susceptible to an unauthenticated file disclosure vulnerability. This flaw allows remote attackers to manipulate the 'file' GET parameter, potentially granting access to sensitive system files on the affected devices. Exploiting this vu...

The SOUND4 IMPACT, FIRST, PULSE, and Eco products, versions 2.x and lower, are susceptible to an unauthenticated vulnerability that allows remote attackers to access sensitive live radio stream information through specific web scripts. This vulnerability enables attackers to exploit webplay or ff...

The SOUND4 IMPACT/FIRST/PULSE/Eco versions up to and including 2.x are vulnerable to a command injection flaw. This allows local authenticated users to execute malicious commands by creating files with a .dns.pid extension in the /tmp directory. By exploiting this vulnerability through an HTTP PO...

The SOUND4 IMPACT/FIRST/PULSE/Eco software versions up to 2.x feature an information disclosure vulnerability that permits unauthorized users to access sensitive log files. This vulnerability occurs when attackers exploit the lack of authentication, enabling them to browse directly to the /log di...

The SOUND4 IMPACT, FIRST, PULSE, and Eco applications, specifically versions 2.x, are susceptible to an unauthenticated stored cross-site scripting vulnerability. This security flaw arises when the username parameter processes unvalidated input, permitting attackers to inject malicious scripts. O...

The SOUND4 IMPACT/FIRST/PULSE/Eco devices in version 2.x and below contain hardcoded credentials embedded within server binaries. These credentials cannot be altered through standard operations on the device. This vulnerability allows attackers to exploit these static credentials to gain unauthor...

The SOUND4 IMPACT, FIRST, PULSE, and Eco products prior to version 2.x exhibit an SQL injection vulnerability in the 'username' POST parameter of index.php. This flaw enables attackers to manipulate the database queries by injecting arbitrary SQL code through the username parameter. Successful ex...

The SOUND4 IMPACT/FIRST/PULSE/Eco products, specifically version 2.x, contain a significant network vulnerability. This flaw allows unauthenticated attackers to exploit scripts such as ping.php, traceroute.php, and dns.php, enabling them to send ICMP signals to arbitrary hosts. As a result, attac...

MiniDVBLinux version 5.4 contains a significant remote command execution vulnerability that enables unauthenticated attackers to execute arbitrary commands with root privileges. By exploiting the vulnerable '/tpl/commands.sh' endpoint, attackers can manipulate the 'command' GET parameter, allowin...

The SOUND4 IMPACT, FIRST, PULSE, and Eco products up to and including version 2.x expose a weakness in session management. An insufficient session expiration issue allows attackers to take advantage of stale session credentials. This vulnerability can lead to unauthorized access, where attackers ...

A vulnerability has been identified in the Newbee Mall Plus version 2.0.0, where the Upload function in the UploadController.java file allows for unrestricted file uploads through manipulation of the File argument. This flaw poses a significant risk as it can be exploited remotely, permitting una...

A security flaw has been identified in the D-Link DI-7400G+ router, specifically affecting the handling of commands through the /msp_info.htm?flag=cmd interface. This vulnerability allows an attacker to exploit the affected function by injecting malicious commands, potentially compromising the de...

A buffer overflow vulnerability exists in the Tenda AC20 router, specifically within the sscanf function of the /goform/PowerSaveSet interface. The flaw arises from improper handling of user-supplied input, particularly the 'powerSavingEn', 'time', 'powerSaveDelay', and 'ledCloseType' parameters....

A buffer overflow vulnerability exists in the Tenda AC20 router, specifically within the sscanf function of the /goform/PowerSaveSet interface. The flaw arises from improper handling of user-supplied input, particularly the 'powerSavingEn', 'time', 'powerSaveDelay', and 'ledCloseType' parameters....

A SQL injection vulnerability has been identified in the itsourcecode Society Management System version 1.0. The flaw resides in an unrecognized function within the /admin/add_admin.php file, allowing attackers to manipulate the Username argument. This manipulation can lead to unauthorized SQL co...

A vulnerability exists in the itsourcecode Society Management System version 1.0, specifically within the edit_admin_query function located in /admin/edit_admin_query.php. This security flaw allows for SQL injection attacks through improper handling of the Username argument. Attackers can exploit...

A vulnerability has been discovered in BiggiDroid Simple PHP CMS 1.0, specifically affecting the admin login functionality located in /admin/login.php. An attacker can manipulate the Username argument to execute SQL injection attacks, potentially compromising the database. This exploit is capable...

A vulnerability has been identified in the BiggiDroid Simple PHP CMS version 1.0, specifically within the Site Logo Handler found in the /admin/edit.php file. This flaw permits an attacker to manipulate image arguments, resulting in unrestricted file uploads. Such exploitation could allow remote ...

A significant vulnerability has been discovered in the Edimax BR-6208AC device, specifically within the web-based configuration interface. The flaw, located in the formALGSetup function, allows the manipulation of the wlan-url argument, leading to open redirection attacks. This vulnerability can ...

A command injection vulnerability has been identified in the web-based configuration interface of the Edimax BR-6208AC router. The flaw resides in the 'formRoute' function of the '/gogorm/formRoute' file, where manipulation of the input parameters (strIp/strMask/strGateway) can allow attackers to...

A command injection vulnerability has been identified in the Edimax BR-6208AC router which affects its web-based configuration interface. The flaw resides in the function formStaDrvSetup, where manipulation of the 'rootAPmac' argument can lead to unauthorized command execution. This vulnerability...

A vulnerability has been identified in the Tenda W6-S model 1.0.0.4(510), specifically in the R7websSsecurityHandler component of the /bin/httpd file. This issue arises due to improper handling of the Cookie argument, which can be exploited to trigger a stack-based buffer overflow. Attackers can ...

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier face a significant risk due to an Improper Input Validation flaw. This vulnerability allows attackers to bypass security features, potentially leading to session takeover without requiring any us...

A security flaw exists within the ATE Service of the Tenda W6-S device, specifically affecting the TendaAte function in the /goform/ate file. This vulnerability allows for remote OS command injection, enabling an unauthorized party to execute arbitrary commands on the device. As the exploit has b...

A stack-based buffer overflow vulnerability exists in the Tenda M3 device with firmware version 1.0.0.13(4903). This vulnerability is triggered through the manipulation of the 'cmdinput' argument in the /goform/exeCommand file, allowing an attacker to execute remote exploits. Due to its remote ex...

A critical flaw exists in the Tenda M3 Router version 1.0.0.13, specifically in the function formSetRemoteDhcpForAp located in the /goform/setDhcpAP file. This vulnerability can be exploited remotely, allowing attackers to manipulate parameters such as startip, endip, leasetime, gateway, dns1, an...

A security flaw has been identified in the 08CMS Novel System, where certain processing within the admina/mtpls.inc.php file of the Template Handler component allows for code injection. This vulnerability enables attackers to execute code remotely, potentially compromising the system. The details...