This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command.

ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command.

The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.

The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.

The mintToken function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

Cross-site scripting (XSS) vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block content.

SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter.

Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action.