🚨 CVE-2024-6640
In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to match the state created by the Neighbor Discovery and allow replies to be generated.
ICMPv6 packets with identifier value of zero bypass firewall rules written on the assumption that the incoming packets are going to create a state in the state table.
@cveNotify
🚨 CVE-2024-5960
Plaintext Storage of a Password vulnerability in Eliz Software Panel allows Use of Known Domain Credentials. This issue affects Panel: before v2.3.24.
🚨 CVE-2024-52550
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3, does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.
Jenkins Security Advisory 2024-11-13
Jenkins – an open source automation server which enables developers around the world to reliably build, test, and deploy their software
🚨 CVE-2024-9766
Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the WTabletServicePro process. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24304.
Zerodayinitiative
ZDI-24-1336
Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability
🚨 CVE-2024-7241
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the PSANHost service. By creating a junction, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23375.
Zerodayinitiative
ZDI-24-1016
(0Day) Panda Security Dome Link Following Local Privilege Escalation Vulnerability
🚨 CVE-2024-10471
The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
WPScan
Everest Forms < 3.0.4.2 - Admin+ Stored XSS
🚨 CVE-2024-35669
Missing Authorization vulnerability in Bowo Debug Log Manager. This issue affects Debug Log Manager: from n/a through 2.3.1.
Patchstack
Broken Access Control in WordPress Debug Log Manager Plugin
🚨 CVE-2024-23356
Memory corruption during session sign renewal request calls in HLOS.
🚨 CVE-2024-23381
Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.
🚨 CVE-2024-23382
Memory corruption while processing graphics kernel driver request to create DMA fence.
🚨 CVE-2024-23383
Memory corruption when kernel driver attempts to trigger hardware fences.
🚨 CVE-2024-23384
Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.
🚨 CVE-2024-33010
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
🚨 CVE-2024-33011
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
🚨 CVE-2024-33012
Transient DOS while parsing multiple MBSSID IEs from the beacon, when the tag length is a non-zero value but the end of the beacon has been reached.
🚨 CVE-2024-33013
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
🚨 CVE-2024-11234
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with a configured proxy and the "request_fulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
GitHub
Configuring a proxy in a stream context might allow for CRLF injection in URIs
### Summary
Configuring a proxy in a [stream context](https://www.php.net/manual/en/stream.contexts.php) might allow for CRLF injection in URIs, resulting in HTTP request smuggling attacks.
#...
🚨 CVE-2022-2667
A vulnerability was found in SourceCodester Loan Management System and classified as critical. This issue affects some unknown processing of the file delete_lplan.php. The manipulation of the argument lplan_id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205619.
GitHub
GitHub - cxaqhq/Loan-Management-System-Sqlinjection
🚨 CVE-2022-2766
A vulnerability was found in SourceCodester Loan Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument password leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-206162 is the identifier assigned to this vulnerability.
GitHub
CVE_Pentest/Loan Management System CMS/images/sql01.png at main · Drun1baby/CVE_Pentest
🚨 CVE-2022-37138
Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to log in as Administrator after injecting into the username form.
GitHub
POC-DUMP/Loan Management System/README.md at main · saitamang/POC-DUMP
Writeup for any interesting bugs/vulnerability.