๐จ CVE-2024-37775
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.
๐@cveNotify
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.
๐@cveNotify
๐จ CVE-2024-37776
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.
๐@cveNotify
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.
๐@cveNotify
๐จ CVE-2024-48197
Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface.
๐@cveNotify
Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface.
๐@cveNotify
๐จ CVE-2024-51111
Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.
๐@cveNotify
Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.
๐@cveNotify
GitHub
Bortecine-s_CVEs/README.md at main ยท Zehraakmanlar/Bortecine-s_CVEs
Contribute to Zehraakmanlar/Bortecine-s_CVEs development by creating an account on GitHub.
๐จ CVE-2024-51112
Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script
๐@cveNotify
Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script
๐@cveNotify
GitHub
Bortecine-s_CVEs/README.md at main ยท Zehraakmanlar/Bortecine-s_CVEs
Contribute to Zehraakmanlar/Bortecine-s_CVEs development by creating an account on GitHub.
๐จ CVE-2024-54879
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.
๐@cveNotify
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.
๐@cveNotify
๐จ CVE-2024-55407
An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests.
๐@cveNotify
An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests.
๐@cveNotify
GitHub
vulnerable-driver/CVE-2024-55407/CVE-2024-55407_Winio64.sys_README.md at master ยท heyheysky/vulnerable-driver
Contribute to heyheysky/vulnerable-driver development by creating an account on GitHub.
๐จ CVE-2024-46242
An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration.
๐@cveNotify
An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration.
๐@cveNotify
Gist
CVE-2024-46242.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-48245
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php.
๐@cveNotify
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php.
๐@cveNotify
GitHub
GitHub - ShadowByte1/CVE-2024-48245: SQL Injection Vulnerability in Vehicle Management System 1.0 - 1.3
SQL Injection Vulnerability in Vehicle Management System 1.0 - 1.3 - ShadowByte1/CVE-2024-48245
๐จ CVE-2024-53345
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.
๐@cveNotify
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.
๐@cveNotify
GitHub
GitHub - ShadowByte1/CVE-2024-53345: Critical 0 Day in Car Rental Management System Versions 1.0 - 1.3
Critical 0 Day in Car Rental Management System Versions 1.0 - 1.3 - ShadowByte1/CVE-2024-53345
๐จ CVE-2024-50658
Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file
๐@cveNotify
Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file
๐@cveNotify
๐จ CVE-2024-50659
Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html.
๐@cveNotify
Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html.
๐@cveNotify
๐จ CVE-2024-50660
File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality
๐@cveNotify
File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality
๐@cveNotify
๐จ CVE-2024-53522
Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information.
๐@cveNotify
Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information.
๐@cveNotify
HugeDomains
Hosxp.com is for sale | HugeDomains
Find a domain name today. We make it easy.
๐จ CVE-2024-54724
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.
๐@cveNotify
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.
๐@cveNotify
GitHub
detail/1.md at main ยท la12138la/detail
Contribute to la12138la/detail development by creating an account on GitHub.
๐จ CVE-2024-54887
TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.
๐@cveNotify
TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.
๐@cveNotify
GitHub
vulnerability-research/CVE-2024-54887 at main ยท JBince/vulnerability-research
Contribute to JBince/vulnerability-research development by creating an account on GitHub.
๐จ CVE-2024-54994
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.
๐@cveNotify
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.
๐@cveNotify
GitHub
CVEs/CVE-2024-54994 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.
๐จ CVE-2024-54996
MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.
๐@cveNotify
MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.
๐@cveNotify
GitHub
CVEs/CVE-2024-54996 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.
๐จ CVE-2024-54997
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.
๐@cveNotify
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.
๐@cveNotify
GitHub
CVEs/CVE-2024-54997 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.
๐จ CVE-2024-54998
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.
๐@cveNotify
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.
๐@cveNotify
GitHub
CVEs/CVE-2024-54998 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.
๐จ CVE-2024-54999
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Information module.
๐@cveNotify
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Information module.
๐@cveNotify
GitHub
CVEs/CVE-2024-54999 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.