6.9
CVE-2024-7161 - SeaCMS Password Change cross-site request forgery
A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newpwd/newpwd2 leads to cross-site request forgery. T…
5.3
CVE-2024-7160 - TOTOLINK A3700R cstecgi.cgi setWanCfg command injection
A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. It is possible to launch the attack remotely. The exploit has be…
5.1
CVE-2024-7159 - TOTOLINK A3600R Telnet Service product.ini hard-coded password
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclo…
5.3
CVE-2024-7158 - TOTOLINK A3100R HTTP POST Request cstecgi.cgi setTelnetCfg command injection
A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnet_enabled leads to command i…
8.7
CVE-2024-7157 - TOTOLINK A3100R getSaveConfig buffer overflow
A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to initiate the …
6.9
CVE-2024-7156 - TOTOLINK A3700R apmib Configuration ExportSettings.sh information disclosure
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information disclosure. The attack ma…
2
CVE-2024-7155 - TOTOLINK A3300R shadow.sample hard-coded password
A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local h…
5.3
CVE-2024-7154 - TOTOLINK A3700R Password Reset wizard.html access control
A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotel…
9.1
CVE-2024-42049 -
TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a network connection.
7.5
CVE-2024-41818 - ReDOS at currency parsing fast-xml-parser
fast-xml-parser is an open source, pure JavaScript XML parser. A ReDOS exists in currency.js. This vulnerability is fixed in 4.4.1.