๐จ CVE-2024-22922
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php
๐@cveNotify
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php
๐@cveNotify
GitHub
CVE-2024-22922/CVE-2024-22922.md at main ยท pwnpwnpur1n/CVE-2024-22922
A Broken Authentication Vulnerability found in Projectworlds' Visitor Management System - pwnpwnpur1n/CVE-2024-22922
๐จ CVE-2024-23055
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.
๐@cveNotify
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.
๐@cveNotify
GitHub
CVEs/CVE-2024-23055 at main ยท c0d3x27/CVEs
This a collection of proof-of-concept exploits for various Common Vulnerabilities and Exposures (CVEs) that I have personally discovered. Whether you are passionate about cybersecurity, dedicated t...
๐จ CVE-2023-46344
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks. NOTE: The vendor states that this vulnerability has been fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.
๐@cveNotify
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks. NOTE: The vendor states that this vulnerability has been fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.
๐@cveNotify
GitHub
CVE-2023-46344/Solar-Log XSS at main ยท vinnie1717/CVE-2023-46344
Contribute to vinnie1717/CVE-2023-46344 development by creating an account on GitHub.
๐จ CVE-2024-22899
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.
๐@cveNotify
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.
๐@cveNotify
blog.leakix.net
Vinchin Backup & Recovery: CVE-2024-22899 to CVE-2024-22903
Advisory Overview: CVE-2024-22899 to CVE-2024-22903 in Detail
๐จ CVE-2024-22900
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function.
๐@cveNotify
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function.
๐@cveNotify
blog.leakix.net
Vinchin Backup & Recovery: CVE-2024-22899 to CVE-2024-22903
Advisory Overview: CVE-2024-22899 to CVE-2024-22903 in Detail
๐จ CVE-2024-22901
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.
๐@cveNotify
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.
๐@cveNotify
blog.leakix.net
Vinchin Backup & Recovery: CVE-2024-22899 to CVE-2024-22903
Advisory Overview: CVE-2024-22899 to CVE-2024-22903 in Detail
๐จ CVE-2024-22902
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.
๐@cveNotify
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.
๐@cveNotify
blog.leakix.net
Vinchin Backup & Recovery: CVE-2024-22899 to CVE-2024-22903
Advisory Overview: CVE-2024-22899 to CVE-2024-22903 in Detail
๐จ CVE-2024-22903
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.
๐@cveNotify
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.
๐@cveNotify
blog.leakix.net
Vinchin Backup & Recovery: CVE-2024-22899 to CVE-2024-22903
Advisory Overview: CVE-2024-22899 to CVE-2024-22903 in Detail
๐จ CVE-2024-23054
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).
๐@cveNotify
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).
๐@cveNotify
GitHub
CVEs/CVE-2024-23054/README.md at main ยท c0d3x27/CVEs
This a collection of proof-of-concept exploits for various Common Vulnerabilities and Exposures (CVEs) that I have personally discovered. Whether you are passionate about cybersecurity, dedicated t...
๐จ CVE-2024-24397
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.
๐@cveNotify
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.
๐@cveNotify
๐จ CVE-2024-24396
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.
๐@cveNotify
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.
๐@cveNotify
๐จ CVE-2024-24398
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.
๐@cveNotify
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.
๐@cveNotify
๐จ CVE-2023-46359
An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.
๐@cveNotify
An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.
๐@cveNotify
Offensity
OS Command Injection in cPH2 Charging Station <2.0.0 (CVE-2023-46359 and CVE-2023-46360) | Offensity
Security reports: efficient and straightforward. The simplest way to detect and fix vulnerabilities
๐จ CVE-2023-46360
Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges.
๐@cveNotify
Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges.
๐@cveNotify
Offensity
OS Command Injection in cPH2 Charging Station <2.0.0 (CVE-2023-46359 and CVE-2023-46360) | Offensity
Security reports: efficient and straightforward. The simplest way to detect and fix vulnerabilities
๐จ CVE-2024-24321
An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.
๐@cveNotify
An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.
๐@cveNotify
๐จ CVE-2024-25423
An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4d_base.xdl64 file.
๐@cveNotify
An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4d_base.xdl64 file.
๐@cveNotify
GitHub
GitHub - DriverUnload/cve-2024-25423: Cinema 4D out-of-bounds write vulnerability when parsing c4d files
Cinema 4D out-of-bounds write vulnerability when parsing c4d files - DriverUnload/cve-2024-25423
๐จ CVE-2024-22983
SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint.
๐@cveNotify
SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint.
๐@cveNotify
GitHub
CVE-2024-22983/CVE-2024-22983.md at main ยท pwnpwnpur1n/CVE-2024-22983
An SQL injection Vulnerability in projectworlds' Visitor Management System - pwnpwnpur1n/CVE-2024-22983
๐จ CVE-2023-33677
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".
๐@cveNotify
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".
๐@cveNotify
GitHub
CVE-2023-33677/CVE-29 at main ยท ASR511-OO7/CVE-2023-33677
Contribute to ASR511-OO7/CVE-2023-33677 development by creating an account on GitHub.
๐จ CVE-2023-47415
Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter.
๐@cveNotify
Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter.
๐@cveNotify
GitLab
Loudmouth Security / vulnerability-disclosures / CVE-2023-47415 ยท GitLab
๐จ CVE-2024-26566
An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component.
๐@cveNotify
An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component.
๐@cveNotify
GitHub
CVE/CVE-2024-26566/CVE-2024-26566 English.md at main ยท Punhacker/CVE
Contribute to Punhacker/CVE development by creating an account on GitHub.
๐จ CVE-2024-28735
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request.
๐@cveNotify
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request.
๐@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers