π¨ CVE-2024-10290
A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
There is a serious configuration file leak in zzcms2023 Β· Issue #1 Β· LvZCh/zzcms2023
Source code nameοΌzzcms Source code versionοΌ2023 Source code official websiteοΌhttp://www.zzcms.net/about/download.html Source code download linkοΌhttp://www.zzcms.net/download/zzcms2023.zip Vulnerabi...
π¨ CVE-2024-48963
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.
π@cveNotify
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.
π@cveNotify
GitHub
Release v1.10.0 Β· snyk/snyk-php-plugin
1.10.0 (2024-10-15)
Features
add prodsec/security_scans (a2235c6)
add secrets scanning (ba85128)
pass command and args into spawn separately (9189f09)
replace execSync with spawnSync (0d64ae5)
upd...
Features
add prodsec/security_scans (a2235c6)
add secrets scanning (ba85128)
pass command and args into spawn separately (9189f09)
replace execSync with spawnSync (0d64ae5)
upd...
π¨ CVE-2024-10371
A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Payroll Management System in C++ with Source Code v1.0 - Buffer Overflow Β· Issue #63 Β· CveSecLook/cve
Payroll Management System in C++ with Source Code v1.0 - Buffer Overflow Author:shikang In the main program file, the vulnerability occurs in the login() function, where user input is handled using...
π¨ CVE-2023-38409
An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).
π@cveNotify
An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).
π@cveNotify
π¨ CVE-2022-36228
Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app.
π@cveNotify
Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app.
π@cveNotify
Gist
CVE-2022-36228
CVE-2022-36228. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-22455
Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks.
π@cveNotify
Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks.
π@cveNotify
π¨ CVE-2022-4973
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.
π@cveNotify
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.
π@cveNotify
core.trac.wordpress.org
Changeset 53961 β WordPress Trac
Blog Tool and Publishing Platform
π₯1
π¨ CVE-2022-23861
Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface.
π@cveNotify
Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface.
π@cveNotify
GitHub
GitHub - mbadanoiu/CVE-2022-23861: CVE-2022-23861: Multiple Stored Cross-Site Scripting in YSoft SafeQ
CVE-2022-23861: Multiple Stored Cross-Site Scripting in YSoft SafeQ - mbadanoiu/CVE-2022-23861
π¨ CVE-2022-38176
An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859.
π@cveNotify
An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859.
π@cveNotify
π¨ CVE-2024-25876
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.
π@cveNotify
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.
π@cveNotify
GitHub
enhavo/xss-page-content-header-titel-v0.13.1.md at main Β· dd3x3r/enhavo
Contribute to dd3x3r/enhavo development by creating an account on GitHub.
π¨ CVE-2022-4971
The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
π@cveNotify
The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
π@cveNotify
WPScan
Sassy Social Share <= 3.3.3 - Cross-Site Scripting (XSS)
See details on Sassy Social Share <= 3.3.3 - Cross-Site Scripting (XSS). View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-10368
A vulnerability was found in Codezips Sales Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /addstock.php. The manipulation of the argument prodtype leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in Codezips Sales Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /addstock.php. The manipulation of the argument prodtype leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Codezips Sales Management System In PHP With Source Code 1.0 addstock.php SQL injection Β· Issue #17 Β· ppp-src/CVE
Codezips Sales Management System In PHP With Source Code 1.0 addstock.php SQL injection NAME OF AFFECTED PRODUCT(S) Sales Management System In PHP With Source Code Vendor Homepage https://codezips....
π¨ CVE-2024-10369
A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /addcustcom.php. The manipulation of the argument refno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /addcustcom.php. The manipulation of the argument refno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Codezips Sales Management System In PHP With Source Code 1.0 addcustcom.php SQL injection Β· Issue #18 Β· ppp-src/CVE
Codezips Sales Management System In PHP With Source Code 1.0 addcustcom.php SQL injection NAME OF AFFECTED PRODUCT(S) Sales Management System In PHP With Source Code Vendor Homepage https://codezip...
π¨ CVE-2024-10370
A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcustind.php. The manipulation of the argument refno leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcustind.php. The manipulation of the argument refno leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Codezips Sales Management System In PHP With Source Code 1.0 addcustind.php SQL injection Β· Issue #19 Β· ppp-src/CVE
Codezips Sales Management System In PHP With Source Code 1.0 addcustind.php SQL injection NAME OF AFFECTED PRODUCT(S) Sales Management System In PHP With Source Code Vendor Homepage https://codezip...
π¨ CVE-2024-31064
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field.
π@cveNotify
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field.
π@cveNotify
π¨ CVE-2021-4449
The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
π@cveNotify
The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
π@cveNotify
CodeCanyon
ZoomSounds - WordPress Wave Audio Player with Playlist
ZoomSounds is a complete premium audio plugin for WordPress that allows you to build great audio players and playlists. Engage with your audience with Trending, Likes, and awesome features. Fits...
π¨ CVE-2021-4450
The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
π@cveNotify
The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
π@cveNotify
π¨ CVE-2021-4451
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).
π@cveNotify
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).
π@cveNotify
NinTechNet's updates and security announcements.
Security issue fixed in NinjaFirewall (WP Edition).
Today, we released version 4.3.4 of our NinjaFirewall (WP/WP+ Edition) plugin which includes a minor security fix.
π¨ CVE-2023-38379
The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.
π@cveNotify
The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.
π@cveNotify
π¨ CVE-2024-21722
The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
π@cveNotify
The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
π@cveNotify
Joomla! Developer Networkβ’
Joomla! Developer Network
The Flexible Platform Empowering Website Creators
π¨ CVE-2024-2241
Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions
π@cveNotify
Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions
π@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.