๐จ CVE-2024-48197
Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface.
๐@cveNotify
Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface.
๐@cveNotify
๐จ CVE-2024-51111
Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.
๐@cveNotify
Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.
๐@cveNotify
GitHub
Bortecine-s_CVEs/README.md at main ยท Zehraakmanlar/Bortecine-s_CVEs
Contribute to Zehraakmanlar/Bortecine-s_CVEs development by creating an account on GitHub.
๐จ CVE-2024-51112
Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script
๐@cveNotify
Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script
๐@cveNotify
GitHub
Bortecine-s_CVEs/README.md at main ยท Zehraakmanlar/Bortecine-s_CVEs
Contribute to Zehraakmanlar/Bortecine-s_CVEs development by creating an account on GitHub.
๐จ CVE-2024-54879
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.
๐@cveNotify
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.
๐@cveNotify
๐จ CVE-2024-55407
An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests.
๐@cveNotify
An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests.
๐@cveNotify
GitHub
vulnerable-driver/CVE-2024-55407/CVE-2024-55407_Winio64.sys_README.md at master ยท heyheysky/vulnerable-driver
Contribute to heyheysky/vulnerable-driver development by creating an account on GitHub.
๐จ CVE-2024-46242
An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration.
๐@cveNotify
An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration.
๐@cveNotify
Gist
CVE-2024-46242.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-48245
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php.
๐@cveNotify
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php.
๐@cveNotify
GitHub
GitHub - ShadowByte1/CVE-2024-48245: SQL Injection Vulnerability in Vehicle Management System 1.0 - 1.3
SQL Injection Vulnerability in Vehicle Management System 1.0 - 1.3 - ShadowByte1/CVE-2024-48245
๐จ CVE-2024-53345
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.
๐@cveNotify
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.
๐@cveNotify
GitHub
GitHub - ShadowByte1/CVE-2024-53345: Critical 0 Day in Car Rental Management System Versions 1.0 - 1.3
Critical 0 Day in Car Rental Management System Versions 1.0 - 1.3 - ShadowByte1/CVE-2024-53345
๐จ CVE-2024-50658
Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file
๐@cveNotify
Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file
๐@cveNotify
๐จ CVE-2024-50659
Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html.
๐@cveNotify
Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html.
๐@cveNotify
๐จ CVE-2024-50660
File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality
๐@cveNotify
File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality
๐@cveNotify
๐จ CVE-2024-53522
Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information.
๐@cveNotify
Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information.
๐@cveNotify
HugeDomains
Hosxp.com is for sale | HugeDomains
Find a domain name today. We make it easy.
๐จ CVE-2024-54724
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.
๐@cveNotify
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.
๐@cveNotify
GitHub
detail/1.md at main ยท la12138la/detail
Contribute to la12138la/detail development by creating an account on GitHub.
๐จ CVE-2024-54887
TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.
๐@cveNotify
TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.
๐@cveNotify
GitHub
vulnerability-research/CVE-2024-54887 at main ยท JBince/vulnerability-research
Contribute to JBince/vulnerability-research development by creating an account on GitHub.
๐จ CVE-2024-54994
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.
๐@cveNotify
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.
๐@cveNotify
GitHub
CVEs/CVE-2024-54994 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.
๐จ CVE-2024-54996
MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.
๐@cveNotify
MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.
๐@cveNotify
GitHub
CVEs/CVE-2024-54996 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.
๐จ CVE-2024-54997
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.
๐@cveNotify
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.
๐@cveNotify
GitHub
CVEs/CVE-2024-54997 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.
๐จ CVE-2024-54998
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.
๐@cveNotify
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.
๐@cveNotify
GitHub
CVEs/CVE-2024-54998 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.
๐จ CVE-2024-54999
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Information module.
๐@cveNotify
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Information module.
๐@cveNotify
GitHub
CVEs/CVE-2024-54999 at main ยท NicolasJoseGula/CVEs
Contribute to NicolasJoseGula/CVEs development by creating an account on GitHub.
๐จ CVE-2024-46310
Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint
๐@cveNotify
Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint
๐@cveNotify
๐จ CVE-2024-57471
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
๐@cveNotify
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
๐@cveNotify