Vulnerabilities

A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xsk: avoid data corruption on cq descriptor number<br /> <br /> Since commit 30f241fcf52a ("xsk: Fix immature cq descriptor<br /> production"), the descriptor number is stored in skb control block and<br /> xsk_cq_submit_addr_locked() relies on it to put the umem addrs onto<br /> pool&amp;#39;s completion queue.<br /> <br /> skb control block shouldn&amp;#39;t be used for this purpose as after transmit<br /> xsk doesn&amp;#39;t have control over it and other subsystems could use it. This<br /> leads to the following kernel panic due to a NULL pointer dereference.<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000000<br /> #PF: supervisor read access in kernel mode<br /> #PF: error_code(0x0000) - not-present page<br /> PGD 0 P4D 0<br /> Oops: Oops: 0000 [#1] SMP NOPTI<br /> CPU: 2 UID: 1 PID: 927 Comm: p4xsk.bin Not tainted 6.16.12+deb14-cloud-amd64 #1 PREEMPT(lazy) Debian 6.16.12-1<br /> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014<br /> RIP: 0010:xsk_destruct_skb+0xd0/0x180<br /> [...]<br /> Call Trace:<br /> <br /> ? napi_complete_done+0x7a/0x1a0<br /> ip_rcv_core+0x1bb/0x340<br /> ip_rcv+0x30/0x1f0<br /> __netif_receive_skb_one_core+0x85/0xa0<br /> process_backlog+0x87/0x130<br /> __napi_poll+0x28/0x180<br /> net_rx_action+0x339/0x420<br /> handle_softirqs+0xdc/0x320<br /> ? handle_edge_irq+0x90/0x1e0<br /> do_softirq.part.0+0x3b/0x60<br /> <br /> <br /> __local_bh_enable_ip+0x60/0x70<br /> __dev_direct_xmit+0x14e/0x1f0<br /> __xsk_generic_xmit+0x482/0xb70<br /> ? __remove_hrtimer+0x41/0xa0<br /> ? __xsk_generic_xmit+0x51/0xb70<br /> ? _raw_spin_unlock_irqrestore+0xe/0x40<br /> xsk_sendmsg+0xda/0x1c0<br /> __sys_sendto+0x1ee/0x200<br /> __x64_sys_sendto+0x24/0x30<br /> do_syscall_64+0x84/0x2f0<br /> ? __pfx_pollwake+0x10/0x10<br /> ? __rseq_handle_notify_resume+0xad/0x4c0<br /> ? restore_fpregs_from_fpstate+0x3c/0x90<br /> ? switch_fpu_return+0x5b/0xe0<br /> ? do_syscall_64+0x204/0x2f0<br /> ? do_syscall_64+0x204/0x2f0<br /> ? do_syscall_64+0x204/0x2f0<br /> entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> <br /> [...]<br /> Kernel panic - not syncing: Fatal exception in interrupt<br /> Kernel Offset: 0x1c000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)<br /> <br /> Instead use the skb destructor_arg pointer along with pointer tagging.<br /> As pointers are always aligned to 8B, use the bottom bit to indicate<br /> whether this a single address or an allocated struct containing several<br /> addresses.

A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler. Executing manipulation of the argument ID can lead to improper authorization. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membership_profile.php of the component Your Info Handler. Performing manipulation of the argument Full Name/Address/City/State results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability is an unknown functionality of the file /dishsub.php. The manipulation of the argument item.name results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected is an unknown function of the file /usersub.php of the component Request Pending Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub_44de0 of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.