๐จ CVE-2024-46442
An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack.
๐@cveNotify
An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack.
๐@cveNotify
GitHub
GitHub - zgsnj123/BYD_headunit_vuls: BYD_headunit_vuls
BYD_headunit_vuls. Contribute to zgsnj123/BYD_headunit_vuls development by creating an account on GitHub.
๐จ CVE-2024-53480
Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter.
๐@cveNotify
Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter.
๐@cveNotify
GitHub
CVEs/CVE-2024-53480.md at main ยท sbksibi/CVEs
Contribute to sbksibi/CVEs development by creating an account on GitHub.
๐จ CVE-2024-53481
A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters.
๐@cveNotify
A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters.
๐@cveNotify
GitHub
CVEs/CVE-2024-53481.md at main ยท sbksibi/CVEs
Contribute to sbksibi/CVEs development by creating an account on GitHub.
๐จ CVE-2024-37773
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.
๐@cveNotify
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.
๐@cveNotify
๐จ CVE-2024-37774
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.
๐@cveNotify
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.
๐@cveNotify
๐จ CVE-2024-37775
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.
๐@cveNotify
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.
๐@cveNotify
๐จ CVE-2024-37776
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.
๐@cveNotify
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.
๐@cveNotify
๐จ CVE-2024-48197
Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface.
๐@cveNotify
Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface.
๐@cveNotify
๐จ CVE-2024-51111
Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.
๐@cveNotify
Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.
๐@cveNotify
GitHub
Bortecine-s_CVEs/README.md at main ยท Zehraakmanlar/Bortecine-s_CVEs
Contribute to Zehraakmanlar/Bortecine-s_CVEs development by creating an account on GitHub.
๐จ CVE-2024-51112
Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script
๐@cveNotify
Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script
๐@cveNotify
GitHub
Bortecine-s_CVEs/README.md at main ยท Zehraakmanlar/Bortecine-s_CVEs
Contribute to Zehraakmanlar/Bortecine-s_CVEs development by creating an account on GitHub.
๐จ CVE-2024-54879
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.
๐@cveNotify
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.
๐@cveNotify
๐จ CVE-2024-55407
An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests.
๐@cveNotify
An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests.
๐@cveNotify
GitHub
vulnerable-driver/CVE-2024-55407/CVE-2024-55407_Winio64.sys_README.md at master ยท heyheysky/vulnerable-driver
Contribute to heyheysky/vulnerable-driver development by creating an account on GitHub.
๐จ CVE-2024-46242
An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration.
๐@cveNotify
An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration.
๐@cveNotify
Gist
CVE-2024-46242.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-48245
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php.
๐@cveNotify
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php.
๐@cveNotify
GitHub
GitHub - ShadowByte1/CVE-2024-48245: SQL Injection Vulnerability in Vehicle Management System 1.0 - 1.3
SQL Injection Vulnerability in Vehicle Management System 1.0 - 1.3 - ShadowByte1/CVE-2024-48245
๐จ CVE-2024-53345
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.
๐@cveNotify
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.
๐@cveNotify
GitHub
GitHub - ShadowByte1/CVE-2024-53345: Critical 0 Day in Car Rental Management System Versions 1.0 - 1.3
Critical 0 Day in Car Rental Management System Versions 1.0 - 1.3 - ShadowByte1/CVE-2024-53345
๐จ CVE-2024-50658
Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file
๐@cveNotify
Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file
๐@cveNotify
๐จ CVE-2024-50659
Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html.
๐@cveNotify
Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html.
๐@cveNotify
๐จ CVE-2024-50660
File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality
๐@cveNotify
File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality
๐@cveNotify
๐จ CVE-2024-53522
Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information.
๐@cveNotify
Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information.
๐@cveNotify
HugeDomains
Hosxp.com is for sale | HugeDomains
Find a domain name today. We make it easy.
๐จ CVE-2024-54724
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.
๐@cveNotify
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.
๐@cveNotify
GitHub
detail/1.md at main ยท la12138la/detail
Contribute to la12138la/detail development by creating an account on GitHub.
๐จ CVE-2024-54887
TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.
๐@cveNotify
TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.
๐@cveNotify
GitHub
vulnerability-research/CVE-2024-54887 at main ยท JBince/vulnerability-research
Contribute to JBince/vulnerability-research development by creating an account on GitHub.