Linxi666

**Name of the Vulnerable Software and Affected Versions** Tenda HG9 300001138 (affected versions not specified) **Description** A flaw exists in Tenda HG9 300001138 within the GPON Configuration Endpoint. The issue relates to the manipulation of the `fmgpon loid/fmgpon loid password` argument in the `/boaform/formgponConf` file, leading to a stack-based buffer overflow. Remote exploitation is possible. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda HG9 300001138 (affected versions not specified) **Description** A security issue exists in the Tenda HG9 300001138 router, specifically within the Samba Configuration Endpoint accessible through the `/boaform/formSamba` API endpoint. Improper handling of the `sambaCap` parameter leads to a stack-based buffer overflow. This allows for remote execution of arbitrary code or a denial of service. The exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda HG9 300001138 **Description** A stack-based buffer overflow exists in Tenda HG9 300001138. The issue is located in an unknown function of the file `/boaform/formWlanSetup` within the Wireless Configuration Endpoint component. Manipulation of the `ssid` parameter can trigger the overflow. The attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda HG9 versions prior to 300001139 **Description** A stack-based buffer overflow issue exists in the Tenda HG9 device. The flaw is located in the file '/boaform/formPing6' and can be triggered by manipulating the `pingAddr` argument. This allows for remote exploitation. An exploit for this issue has been published. **Recommendations** Update to version 300001139 or later.

**Name of the Vulnerable Software and Affected Versions** Tenda HG9 version 300001138 **Description** A security flaw exists in the Tenda HG9 router's Diagnostic Ping component. The issue stems from a stack-based buffer overflow caused by improper handling of input in the `pingAddr` argument of the `/boaform/formPing` endpoint. This allows a remote attacker to potentially execute arbitrary code, cause a denial of service, or compromise the device. The exploit for this issue is publicly available. **Recommendations** Versions prior to 300001139 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda HG9 300001138 (affected versions not specified) **Description** A security issue exists in Tenda HG9 300001138 related to stack-based buffer overflow. The issue is located within the file `/boaform/formLoopBack` of the Loopback Detection Configuration Endpoint component. Manipulation of the `Ethtype` argument can trigger the overflow, and the attack can be executed remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sangfor Operation and Maintenance Security Management System versions prior to 3.0.13 **Description** A security flaw exists in Sangfor Operation and Maintenance Security Management System. The issue involves the `edit pwd mall` function within the `/fort/login/edit pwd mall` file, where manipulation of the `flag` argument leads to weak password recovery. This allows for remote attacks. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Update Sangfor Operation and Maintenance Security Management System to version 3.0.13 or later. As a temporary workaround, restrict access to the `edit pwd mall` function. Avoid manipulating the `flag` argument in the `edit pwd mall` function.

**Name of the Vulnerable Software and Affected Versions** Sangfor Operation and Maintenance Management System versions up to 3.0.12 **Description** A flaw exists in Sangfor Operation and Maintenance Management System. This issue is related to the `SessionController` function within the SSH Protocol Handler component, specifically in the file `/isomp-protocol/protocol/session`. Manipulation of the `keypassword` argument can lead to operating system command injection. The attack can be initiated remotely. A publicly available exploit exists. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Versions prior to 3.0.12 should be updated. As a temporary workaround, consider restricting access to the `SessionController` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Yonyou KSOA version 9.0 **Description** A security issue exists in Yonyou KSOA 9.0 related to the HTTP GET Parameter Handler component. The vulnerability is located in the `/kmf/select.jsp` file. Manipulation of the `folderid` parameter can lead to a SQL injection. This attack can be initiated remotely, and the exploit has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yonyou KSOA version 9.0 **Description** A flaw exists in Yonyou KSOA 9.0 related to the HTTP GET Parameter Handler. Specifically, the `/kmf/user popedom.jsp` file is susceptible to SQL injection through manipulation of the `folderid` parameter. This issue can be exploited remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yonyou KSOA version 9.0 **Description** A flaw exists in Yonyou KSOA 9.0 related to the HTTP GET Parameter Handler. Specifically, manipulating the `folderid` argument in the `/kmf/folder.jsp` file can result in SQL injection. This issue is exploitable remotely. The vulnerability has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yonyou KSOA version 9.0 **Description** A weakness exists in Yonyou KSOA 9.0 related to an unknown functionality within the `/kmf/save folder.jsp` file and its HTTP GET Parameter Handler. Manipulation of the `folderid` argument can lead to SQL injection. This issue is potentially exploitable remotely. The exploit has been publicly released. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M920 version 1.1.50 **Description** A buffer overflow issue exists in the D-Link DWR-M920. The issue is located in the `sub 41C7FC` function within the `/boafrm/formPinManageSetup` file. Manipulation of the `submit-url` argument can trigger the overflow. This allows for a remote attack. An exploit for this issue is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Expense Management System version 1.0 **Description** A security issue exists in the Expense Categories Page component of projectworlds Expense Management System. The issue involves an unknown function within the `/public/admin/expense categories/create` file and allows for cross site scripting. This manipulation can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Expense Management System version 1.0 **Description** A weakness exists in projectworlds Expense Management System version 1.0 that allows for cross site scripting. The issue impacts an unknown function within the Currency Page component, specifically affecting the file `/public/admin/currencies/create`. The attack can be initiated remotely, and the exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Expense Management System version 1.0 **Description** A security flaw exists in projectworlds Expense Management System 1.0. The issue involves cross site scripting and affects an unknown function within the `/public/admin/roles/create` file of the Roles Page component. The attack can be performed remotely. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Expense Management System version 1.0 **Description** A flaw exists in projectworlds Expense Management System that allows for cross site scripting. The issue is located in an unknown function within the `/public/admin/users/create` file of the Users Page component. This allows for remote exploitation. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Gate Pass Management System version 1.0 **Description** A flaw exists in projectworlds Gate Pass Management System that allows for cross site scripting. The issue is located in an unknown function within the `/add-pass.php` file. This can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda CH22 version 1.0.0.1 **Description** A flaw exists in the `fromSafeUrlFilter` function within the `/goform/SafeUrlFilter` file. Manipulation of the `page` argument can lead to a buffer overflow, allowing for remote attacks. An exploit for this issue has been published. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/SafeUrlFilter` file.

**Name of the Vulnerable Software and Affected Versions** Tenda CH22 version 1.0.0.1 **Description** A flaw exists in the `fromSafeMacFilter` function within the `/goform/SafeMacFilter` file. Manipulation of the `page` argument can trigger a buffer overflow. This issue can be exploited remotely. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.