π¨ CVE-2024-3142
A vulnerability was found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-258917 was assigned to this vulnerability.
π@cveNotify
A vulnerability was found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-258917 was assigned to this vulnerability.
π@cveNotify
Clavister
cOS Core 14.00.13 Release Notes
Learn more: cOS Core 14.00.13 Release Notes
π¨ CVE-2024-3253
A vulnerability classified as critical was found in SourceCodester Internship Portal Management System 1.0. This vulnerability affects unknown code of the file admin/add_admin.php. The manipulation of the argument name/username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259102 is the identifier assigned to this vulnerability.
π@cveNotify
A vulnerability classified as critical was found in SourceCodester Internship Portal Management System 1.0. This vulnerability affects unknown code of the file admin/add_admin.php. The manipulation of the argument name/username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259102 is the identifier assigned to this vulnerability.
π@cveNotify
GitHub
Vul/Internship-Portal-Management-System-03 at main Β· thisissuperann/Vul
Contribute to thisissuperann/Vul development by creating an account on GitHub.
π¨ CVE-2020-15368
AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.
π@cveNotify
AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.
π@cveNotify
π¨ CVE-2024-25918
Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.8.
π@cveNotify
Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.8.
π@cveNotify
Patchstack
WordPress InstaWP Connect plugin <= 0.1.0.8 - Remote Code Execution vulnerability - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-27191
Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery Extender allows Code Injection.This issue affects Slivery Extender: from n/a through 1.0.2.
π@cveNotify
Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery Extender allows Code Injection.This issue affects Slivery Extender: from n/a through 1.0.2.
π@cveNotify
Patchstack
WordPress Slivery Extender plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
π¨ CVE-2024-27951
Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin β MPG allows Upload a Web Shell to a Web Server.This issue affects Multiple Page Generator Plugin β MPG: from n/a through 3.4.0.
π@cveNotify
Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin β MPG allows Upload a Web Shell to a Web Server.This issue affects Multiple Page Generator Plugin β MPG: from n/a through 3.4.0.
π@cveNotify
Patchstack
WordPress Multiple Page Generator Plugin <= 3.4.0 - Remote Code Execution (RCE) vulnerability - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-27972
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24.
π@cveNotify
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24.
π@cveNotify
Patchstack
WordPress WP Fusion Lite plugin <= 3.41.24 - Remote Code Execution (RCE) vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
π¨ CVE-2024-28782
IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698.
π@cveNotify
IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698.
π@cveNotify
Ibmcloud
IBM X-Force Exchange
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
π¨ CVE-2024-29477
Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.
π@cveNotify
Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.
π@cveNotify
www.dolibarr.org
Dolibarr Open Source ERP and CRM - Web suite for business
Web based ERP and CRM Open Source software to manage a professional or foundation activity (sme, freelancers or large companies): quotation or commercial proposals, invoices, products, contacts, agenda, orders, purchases, stocks, emailings, CMS, POS
π¨ CVE-2024-31380
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.1.
π@cveNotify
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.1.
π@cveNotify
Patchstack
Remote Code Execution (RCE) in WordPress Oxygen Builder Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-31390
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows Code Injection.This issue affects Breakdance: from n/a through 1.7.0.
π@cveNotify
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows Code Injection.This issue affects Breakdance: from n/a through 1.7.0.
π@cveNotify
Patchstack
WordPress Breakdance plugin <= 1.7.1 - Authenticated Remote Code Execution (RCE) vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
π¨ CVE-2024-3254
A vulnerability, which was classified as critical, has been found in SourceCodester Internship Portal Management System 1.0. This issue affects some unknown processing of the file admin/edit_admin.php. The manipulation of the argument admin_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259103.
π@cveNotify
A vulnerability, which was classified as critical, has been found in SourceCodester Internship Portal Management System 1.0. This issue affects some unknown processing of the file admin/edit_admin.php. The manipulation of the argument admin_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259103.
π@cveNotify
GitHub
Vul/Internship-Portal-Management-System-04 at main Β· thisissuperann/Vul
Contribute to thisissuperann/Vul development by creating an account on GitHub.
π¨ CVE-2024-3255
A vulnerability, which was classified as critical, was found in SourceCodester Internship Portal Management System 1.0. Affected is an unknown function of the file admin/edit_admin_query.php. The manipulation of the argument username/password/name/admin_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259104.
π@cveNotify
A vulnerability, which was classified as critical, was found in SourceCodester Internship Portal Management System 1.0. Affected is an unknown function of the file admin/edit_admin_query.php. The manipulation of the argument username/password/name/admin_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259104.
π@cveNotify
GitHub
Vul/Internship-Portal-Management-System-05 at main Β· thisissuperann/Vul
Contribute to thisissuperann/Vul development by creating an account on GitHub.
π¨ CVE-2024-25075
An issue was discovered in Softing uaToolkit Embedded before 1.41.1. When a subscription with a very low MaxNotificationPerPublish parameter is created, a publish response is mishandled, leading to memory consumption. When that happens often enough, the device will be out of memory, i.e., a denial of service.
π@cveNotify
An issue was discovered in Softing uaToolkit Embedded before 1.41.1. When a subscription with a very low MaxNotificationPerPublish parameter is created, a publish response is mishandled, leading to memory consumption. When that happens often enough, the device will be out of memory, i.e., a denial of service.
π@cveNotify
π¨ CVE-2024-27602
Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module.
π@cveNotify
Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module.
π@cveNotify
Gist
CVE-2024-27602
CVE-2024-27602. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-27604
Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized.
π@cveNotify
Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized.
π@cveNotify
Gist
CVE-2024-27604.md
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-27605
Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users (test) can query information about the users in the system.
π@cveNotify
Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users (test) can query information about the users in the system.
π@cveNotify
Gist
CVE-2024-27605
CVE-2024-27605. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-29432
Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas.
π@cveNotify
Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas.
π@cveNotify
Gist
CVE-2024-29432
CVE-2024-29432. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-30344
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Acroforms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22733.
π@cveNotify
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of Acroforms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22733.
π@cveNotify
Foxit
Security Bulletins | Foxit
A prompt response to software defects and security vulnerabilities has been, and will continue to be, a top priority for everyone here at Foxit Software.
π¨ CVE-2024-1979
A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.
π@cveNotify
A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.
π@cveNotify
π¨ CVE-2024-1394
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputsβ. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkeyβ and ctxβ. That function uses named return parameters to free pkeyβ and ctxβ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkeyβ and ctxβ will be nil inside the deferred function that should free them.
π@cveNotify
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputsβ. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkeyβ and ctxβ. That function uses named return parameters to free pkeyβ and ctxβ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkeyβ and ctxβ will be nil inside the deferred function that should free them.
π@cveNotify