π¨ CVE-2024-33270
An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component.
π@cveNotify
An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component.
π@cveNotify
Prestashop
Customer File Upload:Attach/Upload File on Product,Cart
Prestashop Upload File provides your customers a mean to upload or attach files on product, cart, checkout and order detail pages. Display merchant uploaded files as downloadable on product pages with attractive icons.
π¨ CVE-2024-22830
Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system resources. This allows a local attacker to escalate privileges from regular user to System or PPL level.
π@cveNotify
Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system resources. This allows a local attacker to escalate privileges from regular user to System or PPL level.
π@cveNotify
Anticheatexpert
Anti-Cheat Expert
Since 2005, Anti-Cheat Expert (ACE) has strived to protect games and players from a broad range of security threats, offering developers a one-stop game defense System. From basic game protection strategies to industry-leading technologies, ACE offers safeguardingβ¦
π¨ CVE-2024-32359
An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster.
π@cveNotify
An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster.
π@cveNotify
Gist
CVE-2024-32359 References
CVE-2024-32359 References. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-33844
The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.
π@cveNotify
The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.
π@cveNotify
Parrot Developers Forum
CVE-2024-33844, Bugs in ANAFI Thermal/USA Firmware
As the mavlink_itf_reset_mission_data function does not sanitize the MAV_MISSION_TYPE(0, 1, 2, 255) so that when I send MAVLink MISSION_COUNT payload with MAV_MISSION_TYPE=17, the βcontrolβ crashes by freeing 0-filled memory addresses. Tested on Parrot ANAFIβ¦
π¨ CVE-2024-31636
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.
π@cveNotify
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.
π@cveNotify
GitHub
GitHub - lief-project/LIEF: LIEF - Library to Instrument Executable Formats (C++, Python, Rust)
LIEF - Library to Instrument Executable Formats (C++, Python, Rust) - lief-project/LIEF
π¨ CVE-2024-33120
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file.
π@cveNotify
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file.
π@cveNotify
GitHub
cxcxcxcxcxcxcxc/cxcxcxcxcxc/about-2024/33120.txt at main Β· cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc
Contribute to cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc development by creating an account on GitHub.
π¨ CVE-2024-30801
SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component.
π@cveNotify
SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component.
π@cveNotify
π¨ CVE-2024-26367
Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firmware 8.6.5, XPS-EDGE-* Build 1467, evEDGE-EO-* Build 0029, MMA10G-* Build 0498, 570IPG-X19-10G Build 0691 allows a remote attacker to execute arbitrary code via a crafted payload to the login parameters.
π@cveNotify
Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firmware 8.6.5, XPS-EDGE-* Build 1467, evEDGE-EO-* Build 0029, MMA10G-* Build 0498, 570IPG-X19-10G Build 0691 allows a remote attacker to execute arbitrary code via a crafted payload to the login parameters.
π@cveNotify
Wiki | notnotnotveg
CVE-2024-26367
π¨ CVE-2024-35395
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
π@cveNotify
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
π@cveNotify
π¨ CVE-2024-35396
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.
π@cveNotify
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.
π@cveNotify
π¨ CVE-2024-35397
TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
π@cveNotify
TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
π@cveNotify
π¨ CVE-2024-35398
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.
π@cveNotify
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.
π@cveNotify
π¨ CVE-2024-35399
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth
π@cveNotify
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth
π@cveNotify
π¨ CVE-2024-35400
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules
π@cveNotify
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules
π@cveNotify
π¨ CVE-2024-35401
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
π@cveNotify
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
π@cveNotify
π¨ CVE-2024-35563
CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions.
π@cveNotify
CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions.
π@cveNotify
π¨ CVE-2024-36702
libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c.
π@cveNotify
libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c.
π@cveNotify
GitHub
GitHub - mz-automation/libiec61850: Official repository for libIEC61850, the open-source library for the IEC 61850 protocols
Official repository for libIEC61850, the open-source library for the IEC 61850 protocols - mz-automation/libiec61850
π¨ CVE-2023-37057
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism.
π@cveNotify
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism.
π@cveNotify
π¨ CVE-2023-37058
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command.
π@cveNotify
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command.
π@cveNotify
GitHub
GitHub - ri5c/Jlink-Router-RCE
Contribute to ri5c/Jlink-Router-RCE development by creating an account on GitHub.
π¨ CVE-2024-37821
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.
π@cveNotify
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.
π@cveNotify
GitHub
CVEs/2024/CVE-2024-37821.md at master Β· alexbsec/CVEs
Contribute to alexbsec/CVEs development by creating an account on GitHub.
π¨ CVE-2024-37676
An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function.
π@cveNotify
An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function.
π@cveNotify
Gist
CVE-2024-37676
CVE-2024-37676. GitHub Gist: instantly share code, notes, and snippets.