Ic0Rner

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-824DRU versions 1.010B01 through 1.04B01 **Description** A security issue exists in the TRENDnet TEW-824DRU web interface. Manipulation of the `Language` argument within the `apply sec.cgi` file and the `sub 420A78` function can lead to cross-site scripting. This allows for remote attacks. The exploit is publicly available. **Recommendations** TRENDnet TEW-824DRU version 1.010B01: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TRENDnet TEW-824DRU version 1.04B01: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-632BRP version 1.010B32 **Description** A flaw exists in TRENDnet TEW-632BRP that allows for a stack-based buffer overflow. This issue is located within the HTTP POST Request Handler component, specifically in the `/ping response.cgi` file. Manipulation of the `ping ipaddr` argument can trigger the overflow, and the attack can be performed remotely. The exploit for this issue is publicly available. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-852 version 1.00CN B09 **Description** A flaw exists in the Simple Service Discovery Protocol Service component of the D-Link DIR-852. The issue resides in the `ssdpcgi main` function within the `htodcs/cgibin` file. Manipulation of the `ST` argument can lead to command injection, potentially allowing for remote execution. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** As a temporary workaround, consider disabling the Simple Service Discovery Protocol Service until a patch is available.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-852 version 1.00CN B09 **Description** A vulnerability exists in the Web Management Interface component of D-Link DIR-852 version 1.00CN B09. Manipulation of unknown code within the `/htdocs/cgibin/hedwig.cgi` file can lead to command injection. This issue is remotely exploitable. The exploit has been made public. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-852 version 1.00CN B09 **Description** A security issue has been identified in the SOAP Service component of D-Link DIR-852 version 1.00CN B09. Manipulation of the `service` argument within the `soapcgi main` function of the `soap.cgi` file can lead to operating system command injection. This allows for remote attacks. The exploit for this issue has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DIR-852 versions up to 1.00CN B09 Description: A vulnerability exists in D-Link DIR-852 that allows for information disclosure. The vulnerability is located in the `phpcgi main` function of the `/getcfg.php` file within the Device Configuration Handler component. This manipulation can be performed remotely. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DIR-860L version 2.04.B04 Description: A vulnerability exists in the Simple Service Discovery Protocol component of the D-Link DIR-860L router. The issue is due to a command injection flaw within the `ssdpcgi main` function located in the `/htdocs/cgibin` file. This allows for remote execution of operating system commands. The exploit for this issue has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 version 2.10 Description: A vulnerability exists in the `httpd` component of D-Link DIR-825 version 2.10. The vulnerability is located in the `get ping app stat` function within the `ping response.cgi` file. Manipulation of the `ping ipaddr` argument can lead to a stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability affects products that are no longer supported by the manufacturer. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Movie Streaming version 1.0 **Description** A critical issue exists in code-projects Online Movie Streaming 1.0 related to missing authorization. The vulnerability is located in an unknown function within the `/admin.php` file. Manipulation of the `ID` argument allows for unauthorized access. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Document Management System version 1.0 **Description** A critical issue exists in the `unlink` function of the `/dell.php` file. Manipulation of the `ID` argument can lead to a path traversal. The exploit has been publicly disclosed and may be used to initiate attacks remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Car Rental System version 1.0 **Description** A problematic issue exists in Simple Car Rental System that allows for cross-site request forgery. This issue can be initiated remotely, and the exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Car Rental System version 1.0 **Description** A problematic issue has been found in the processing of the `/admin/add vehicles.php` file. Manipulation of the `car name` argument can lead to cross site scripting. The attack can be initiated remotely, and the exploit has been publicly disclosed. **Recommendations** As a mitigation, sanitize the `car name` input to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** code-projects Voting System version 1.0 **Description** A critical vulnerability exists in code-projects Voting System 1.0, related to unrestricted file upload. The issue affects an unknown functionality within the `/admin/candidates add.php` file. Manipulation of the `photo` argument allows for unrestricted uploads, and the attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** Restrict access to the `/admin/candidates add.php` file. As a temporary workaround, consider disabling the file upload functionality within the `/admin/candidates add.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** code-projects Food Ordering Review System version 1.0 **Description** A critical vulnerability exists in an unknown functionality of the file `/user/reservation page.php`. Manipulation of the argument `reg Id` leads to a SQL injection. The attack can be launched remotely, and the exploit has been publicly disclosed. Other parameters might also be affected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Security Guards Hiring System version 1.0 **Description** A vulnerability exists in PHPGurukul Online Security Guards Hiring System that allows for cross site scripting. The issue is located in the `/admin/search.php` file, where manipulation of the `searchdata` parameter can trigger the vulnerability. The attack can be initiated remotely. The exploit has been disclosed to the public. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/search.php` file until a patch is available. Sanitize the `searchdata` parameter to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions:** code-projects Voting System version 1.0 **Description:** A critical issue exists in code-projects Voting System 1.0 related to SQL injection. The vulnerability is located in the `/admin/positions add.php` file, where manipulation of the `description` parameter can lead to a successful attack. The exploit has been publicly disclosed and may be used. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Voting System version 1.0 Description: A critical issue exists in an unknown functionality of the file `/admin/voters row.php`. The manipulation of the `ID` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** Voting System version 1.0 **Description:** A critical issue exists in the processing of the `/admin/voters add.php` file. Manipulation of the `firstname`/`lastname` argument leads to a SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations:** Voting System version 1.0: Address the SQL injection issue by sanitizing the `firstname` and `lastname` arguments in the `/admin/voters add.php` file.

**Name of the Vulnerable Software and Affected Versions:** code-projects Voting System version 1.0 **Description:** A critical vulnerability exists in code-projects Voting System 1.0. The issue involves a SQL injection flaw within an unknown function of the `/admin/voters edit.php` file. The manipulation of the `ID` argument allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Voting System version 1.0 Description: A critical issue has been identified in code-projects Voting System 1.0. The vulnerability is located in an unknown functionality of the `/admin/positions edit.php` file. Manipulation of the `ID` argument results in a SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. Recommendations: code-projects Voting System version 1.0: Sanitize the `ID` argument to prevent SQL injection in the `/admin/positions edit.php` file.