🚨 CVE-2023-51141
An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component
🎖@cveNotify
An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component
🎖@cveNotify
Gist
CVE-2023-51141
CVE-2023-51141. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-51142
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information.
🎖@cveNotify
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information.
🎖@cveNotify
Gist
CVE-2023-51142.md
GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2024-32206
A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter.
🎖@cveNotify
A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter.
🎖@cveNotify
GitHub
vulnerability/POC/WUZHICMS4.1.0 Stored Xss In Affiche Model.md at main · majic-banana/vulnerability
poc. Contribute to majic-banana/vulnerability development by creating an account on GitHub.
🚨 CVE-2024-32409
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script.
🎖@cveNotify
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script.
🎖@cveNotify
Sem-Cms
外贸网站建设,英文网站建设,外贸网站设计 - semcms
黑蚂蚁外贸网站系统SemCms是专注于英文网站建设,外贸网站制作,响应式模板设计,程序功能定制,多语言网站开发(俄语,西班牙,阿拉伯语,葡萄牙语等)小语种及网站优化(seo)推广,使用简单、稳定性好、性价比高,是soho或外贸企业建站的首选。
🚨 CVE-2024-28722
Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint
🎖@cveNotify
Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint
🎖@cveNotify
Innovaphone
ReleaseNotes14r1:Firmware
This is the Firmware 14r1 Release Notes Document.
Service Releases are planned for the second Monday each month. For each of the service release, the complete set of tests is executed. If problems show...
Service Releases are planned for the second Monday each month. For each of the service release, the complete set of tests is executed. If problems show...
🚨 CVE-2024-28699
A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev function.
🎖@cveNotify
A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev function.
🎖@cveNotify
GitHub
GitHub - flexpaper/pdf2json: PDF2JSON is a conversion library based on XPDF (3.02) which can be used for high performance PDF page…
PDF2JSON is a conversion library based on XPDF (3.02) which can be used for high performance PDF page by page conversion to JSON and XML format. It also supports compressing data to minimize size. ...
🚨 CVE-2024-28328
CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format.
🎖@cveNotify
CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format.
🎖@cveNotify
GitHub
CSV Injection CVE‐2024‐28328
Contribute to ShravanSinghRathore/ASUS-RT-N300-B1 development by creating an account on GitHub.
🚨 CVE-2024-28327
Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings.
🎖@cveNotify
Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings.
🎖@cveNotify
GitHub
Insecure Credential Storage CVE‐2024‐28327
Contribute to ShravanSinghRathore/ASUS-RT-N300-B1 development by creating an account on GitHub.
🚨 CVE-2024-25343
Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords.
🎖@cveNotify
Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords.
🎖@cveNotify
GitHub
Password Policy Bypass Vulnerability CVE‐2024‐25343
Contribute to ShravanSinghRathore/Tenda-N300-F3-Router development by creating an account on GitHub.
🚨 CVE-2024-28326
Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface.
🎖@cveNotify
Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface.
🎖@cveNotify
GitHub
Privilege Escalation CVE‐2024‐28326
Contribute to ShravanSinghRathore/ASUS-RT-N300-B1 development by creating an account on GitHub.
🚨 CVE-2024-33270
An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component.
🎖@cveNotify
An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component.
🎖@cveNotify
Prestashop
Customer File Upload:Attach/Upload File on Product,Cart
Prestashop Upload File provides your customers a mean to upload or attach files on product, cart, checkout and order detail pages. Display merchant uploaded files as downloadable on product pages with attractive icons.
🚨 CVE-2024-22830
Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system resources. This allows a local attacker to escalate privileges from regular user to System or PPL level.
🎖@cveNotify
Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system resources. This allows a local attacker to escalate privileges from regular user to System or PPL level.
🎖@cveNotify
Anticheatexpert
Anti-Cheat Expert
Since 2005, Anti-Cheat Expert (ACE) has strived to protect games and players from a broad range of security threats, offering developers a one-stop game defense System. From basic game protection strategies to industry-leading technologies, ACE offers safeguarding…
🚨 CVE-2024-32359
An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster.
🎖@cveNotify
An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster.
🎖@cveNotify
Gist
CVE-2024-32359 References
CVE-2024-32359 References. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2024-33844
The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.
🎖@cveNotify
The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.
🎖@cveNotify
Parrot Developers Forum
CVE-2024-33844, Bugs in ANAFI Thermal/USA Firmware
As the mavlink_itf_reset_mission_data function does not sanitize the MAV_MISSION_TYPE(0, 1, 2, 255) so that when I send MAVLink MISSION_COUNT payload with MAV_MISSION_TYPE=17, the ‘control’ crashes by freeing 0-filled memory addresses. Tested on Parrot ANAFI…
🚨 CVE-2024-31636
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.
🎖@cveNotify
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.
🎖@cveNotify
GitHub
GitHub - lief-project/LIEF: LIEF - Library to Instrument Executable Formats (C++, Python, Rust)
LIEF - Library to Instrument Executable Formats (C++, Python, Rust) - lief-project/LIEF
🚨 CVE-2024-33120
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file.
🎖@cveNotify
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file.
🎖@cveNotify
GitHub
cxcxcxcxcxcxcxc/cxcxcxcxcxc/about-2024/33120.txt at main · cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc
Contribute to cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc development by creating an account on GitHub.
🚨 CVE-2024-30801
SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component.
🎖@cveNotify
SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component.
🎖@cveNotify
🚨 CVE-2024-26367
Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firmware 8.6.5, XPS-EDGE-* Build 1467, evEDGE-EO-* Build 0029, MMA10G-* Build 0498, 570IPG-X19-10G Build 0691 allows a remote attacker to execute arbitrary code via a crafted payload to the login parameters.
🎖@cveNotify
Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firmware 8.6.5, XPS-EDGE-* Build 1467, evEDGE-EO-* Build 0029, MMA10G-* Build 0498, 570IPG-X19-10G Build 0691 allows a remote attacker to execute arbitrary code via a crafted payload to the login parameters.
🎖@cveNotify
Wiki | notnotnotveg
CVE-2024-26367
🚨 CVE-2024-35395
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
🎖@cveNotify
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
🎖@cveNotify