๐จ CVE-2024-7241
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the PSANHost service. By creating a junction, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23375.
๐@cveNotify
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the PSANHost service. By creating a junction, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23375.
๐@cveNotify
Zerodayinitiative
ZDI-24-1016
(0Day) Panda Security Dome Link Following Local Privilege Escalation Vulnerability
๐จ CVE-2024-10471
The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
๐@cveNotify
The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
๐@cveNotify
WPScan
Everest Forms < 3.0.4.2 - Admin+ Stored XSS
See details on Everest Forms < 3.0.4.2 - Admin+ Stored XSS CVE 2024-10471. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-35669
Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.
๐@cveNotify
Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.
๐@cveNotify
Patchstack
Broken Access Control in WordPress Debug Log Manager Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2024-23356
Memory corruption during session sign renewal request calls in HLOS.
๐@cveNotify
Memory corruption during session sign renewal request calls in HLOS.
๐@cveNotify
๐จ CVE-2024-23381
Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.
๐@cveNotify
Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU.
๐@cveNotify
๐จ CVE-2024-23382
Memory corruption while processing graphics kernel driver request to create DMA fence.
๐@cveNotify
Memory corruption while processing graphics kernel driver request to create DMA fence.
๐@cveNotify
๐จ CVE-2024-23383
Memory corruption when kernel driver attempts to trigger hardware fences.
๐@cveNotify
Memory corruption when kernel driver attempts to trigger hardware fences.
๐@cveNotify
๐จ CVE-2024-23384
Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.
๐@cveNotify
Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker.
๐@cveNotify
๐จ CVE-2024-33010
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
๐@cveNotify
Transient DOS while parsing fragments of MBSSID IE from beacon frame.
๐@cveNotify
๐จ CVE-2024-33011
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
๐@cveNotify
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.
๐@cveNotify
๐จ CVE-2024-33012
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
๐@cveNotify
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
๐@cveNotify
๐จ CVE-2024-33013
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
๐@cveNotify
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.
๐@cveNotify
๐จ CVE-2024-11234
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
๐@cveNotify
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
๐@cveNotify
GitHub
Configuring a proxy in a stream context might allow for CRLF injection in URIs
### Summary
Configuring a proxy in a [stream context](https://www.php.net/manual/en/stream.contexts.php) might allow for CRLF injection in URIs, resulting in HTTP request smuggling attacks.
#...
Configuring a proxy in a [stream context](https://www.php.net/manual/en/stream.contexts.php) might allow for CRLF injection in URIs, resulting in HTTP request smuggling attacks.
#...
๐จ CVE-2022-2667
A vulnerability was found in SourceCodester Loan Management System and classified as critical. This issue affects some unknown processing of the file delete_lplan.php. The manipulation of the argument lplan_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205619.
๐@cveNotify
A vulnerability was found in SourceCodester Loan Management System and classified as critical. This issue affects some unknown processing of the file delete_lplan.php. The manipulation of the argument lplan_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205619.
๐@cveNotify
GitHub
GitHub - cxaqhq/Loan-Management-System-Sqlinjection
Contribute to cxaqhq/Loan-Management-System-Sqlinjection development by creating an account on GitHub.
๐จ CVE-2022-2766
A vulnerability was found in SourceCodester Loan Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-206162 is the identifier assigned to this vulnerability.
๐@cveNotify
A vulnerability was found in SourceCodester Loan Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-206162 is the identifier assigned to this vulnerability.
๐@cveNotify
GitHub
CVE_Pentest/Loan Management System CMS/images/sql01.png at main ยท Drun1baby/CVE_Pentest
Contribute to Drun1baby/CVE_Pentest development by creating an account on GitHub.
๐จ CVE-2022-37138
Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form.
๐@cveNotify
Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form.
๐@cveNotify
GitHub
POC-DUMP/Loan Management System/README.md at main ยท saitamang/POC-DUMP
Writeup for any interesting bugs/vulnerability. Contribute to saitamang/POC-DUMP development by creating an account on GitHub.
๐จ CVE-2022-37139
Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
๐@cveNotify
Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
๐@cveNotify
GitHub
POC-DUMP/Loan Management System/README.md at main ยท saitamang/POC-DUMP
Writeup for any interesting bugs/vulnerability. Contribute to saitamang/POC-DUMP development by creating an account on GitHub.
๐จ CVE-2022-2666
A vulnerability has been found in SourceCodester Loan Management System and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205618 is the identifier assigned to this vulnerability.
๐@cveNotify
A vulnerability has been found in SourceCodester Loan Management System and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205618 is the identifier assigned to this vulnerability.
๐@cveNotify
GitHub
GitHub - cxaqhq/Loan-Management-System-Sqlinjection
Contribute to cxaqhq/Loan-Management-System-Sqlinjection development by creating an account on GitHub.
๐จ CVE-2023-27242
SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module.
๐@cveNotify
SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module.
๐@cveNotify
GitHub
GitHub - kaikai-11/Loan-Management-System
Contribute to kaikai-11/Loan-Management-System development by creating an account on GitHub.
๐จ CVE-2024-10899
The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'id' parameter is vulnerable to Reflected Cross-Site Scripting as well.
๐@cveNotify
The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'id' parameter is vulnerable to Reflected Cross-Site Scripting as well.
๐@cveNotify
๐จ CVE-2024-11277
The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
๐@cveNotify
The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
๐@cveNotify