CVSS:9.8(Critical)
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.
CVSS:9.8(Critical)
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
CVSS:9.8(Critical)
Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability.
CVSS:9.8(Critical)
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php.
CVSS:9.8(Critical)
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.
CVSS:9.8(Critical)
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.
CVSS:9.8(Critical)
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml.
CVSS:9.8(Critical)
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml.
CVSS:9.8(Critical)
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml.
CVSS:9.8(Critical)
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg.
CVSS:9.8(Critical)
Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.
CVSS:9.8(Critical)
Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml).
CVSS:9.8(Critical)
Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php.
CVSS:9.8(Critical)
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php.
CVSS:9.8(Critical)
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php.
CVSS:9.8(Critical)
A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The...
CVSS:9.8(Critical)
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php.
CVSS:9.8(Critical)
Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters.
CVSS:9.8(Critical)
An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile.
CVSS:9.8(Critical)
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.
CVSS:9.8(Critical)
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat.
CVSS:9.8(Critical)
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.
CVSS:9.8(Critical)
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.
CVSS:9.8(Critical)
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.