๐จ CVE-2022-37139
Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
๐@cveNotify
Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
๐@cveNotify
GitHub
POC-DUMP/Loan Management System/README.md at main ยท saitamang/POC-DUMP
Writeup for any interesting bugs/vulnerability. Contribute to saitamang/POC-DUMP development by creating an account on GitHub.
๐จ CVE-2022-2666
A vulnerability has been found in SourceCodester Loan Management System and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205618 is the identifier assigned to this vulnerability.
๐@cveNotify
A vulnerability has been found in SourceCodester Loan Management System and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205618 is the identifier assigned to this vulnerability.
๐@cveNotify
GitHub
GitHub - cxaqhq/Loan-Management-System-Sqlinjection
Contribute to cxaqhq/Loan-Management-System-Sqlinjection development by creating an account on GitHub.
๐จ CVE-2023-27242
SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module.
๐@cveNotify
SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module.
๐@cveNotify
GitHub
GitHub - kaikai-11/Loan-Management-System
Contribute to kaikai-11/Loan-Management-System development by creating an account on GitHub.
๐จ CVE-2024-10899
The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'id' parameter is vulnerable to Reflected Cross-Site Scripting as well.
๐@cveNotify
The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'id' parameter is vulnerable to Reflected Cross-Site Scripting as well.
๐@cveNotify
๐จ CVE-2024-11277
The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
๐@cveNotify
The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
๐@cveNotify
๐จ CVE-2024-9751
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24468.
๐@cveNotify
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24468.
๐@cveNotify
Zerodayinitiative
ZDI-24-1363
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
๐จ CVE-2024-9752
Tungsten Automation Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24469.
๐@cveNotify
Tungsten Automation Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24469.
๐@cveNotify
Zerodayinitiative
ZDI-24-1354
Tungsten Automation Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
๐จ CVE-2024-9753
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24470.
๐@cveNotify
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24470.
๐@cveNotify
Zerodayinitiative
ZDI-24-1360
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
๐จ CVE-2024-9754
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24471.
๐@cveNotify
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24471.
๐@cveNotify
Zerodayinitiative
ZDI-24-1355
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
๐จ CVE-2024-9755
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24472.
๐@cveNotify
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24472.
๐@cveNotify
Zerodayinitiative
ZDI-24-1368
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
๐จ CVE-2024-9757
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24473.
๐@cveNotify
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24473.
๐@cveNotify
Zerodayinitiative
ZDI-24-1367
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
๐จ CVE-2024-9758
Tungsten Automation Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24474.
๐@cveNotify
Tungsten Automation Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24474.
๐@cveNotify
Zerodayinitiative
ZDI-24-1361
Tungsten Automation Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
๐จ CVE-2024-9759
Tungsten Automation Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24475.
๐@cveNotify
Tungsten Automation Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24475.
๐@cveNotify
Zerodayinitiative
ZDI-24-1356
Tungsten Automation Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
๐จ CVE-2024-9764
Tungsten Automation Power PDF PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24480.
๐@cveNotify
Tungsten Automation Power PDF PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24480.
๐@cveNotify
Zerodayinitiative
ZDI-24-1362
Tungsten Automation Power PDF PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
๐จ CVE-2024-7352
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23550.
๐@cveNotify
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23550.
๐@cveNotify
Zerodayinitiative
ZDI-24-1037
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
๐จ CVE-2024-9114
FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25145.
๐@cveNotify
FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25145.
๐@cveNotify
Zerodayinitiative
ZDI-24-1275
(0Day) FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
๐จ CVE-2024-9767
IrfanView SID File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23277.
๐@cveNotify
IrfanView SID File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23277.
๐@cveNotify
Zerodayinitiative
ZDI-24-1371
IrfanView SID File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
๐จ CVE-2023-29145
The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.
๐@cveNotify
The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.
๐@cveNotify
Malwarebytes
Cyber Security Software and Anti-Malware | Malwarebytes
Protect your home and business PCs, Macs, iOS and Android devices from the latest cyber threats and malware, including ransomware.
๐จ CVE-2024-39281
The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.
๐@cveNotify
The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.
๐@cveNotify
๐จ CVE-2024-51562
The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value.
๐@cveNotify
The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value.
๐@cveNotify
๐จ CVE-2024-51563
The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition.
๐@cveNotify
The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition.
๐@cveNotify