π¨ CVE-2024-27631
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php
π@cveNotify
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php
π@cveNotify
π¨ CVE-2024-3465
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been classified as critical. Affected is the function laporan_filter of the file /application/controller/Transaki.php. The manipulation of the argument dari/sampai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259746 is the identifier assigned to this vulnerability.
π@cveNotify
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been classified as critical. Affected is the function laporan_filter of the file /application/controller/Transaki.php. The manipulation of the argument dari/sampai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259746 is the identifier assigned to this vulnerability.
π@cveNotify
GitHub
CVE/LaundryManagementSystemSQL3.md at main Β· fubxx/CVE
My CVE exploit repository. Contribute to fubxx/CVE development by creating an account on GitHub.
π¨ CVE-2024-3466
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function laporan_filter of the file /application/controller/Pengeluaran.php. The manipulation of the argument dari/sampai leads to sql injection. The associated identifier of this vulnerability is VDB-259747.
π@cveNotify
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function laporan_filter of the file /application/controller/Pengeluaran.php. The manipulation of the argument dari/sampai leads to sql injection. The associated identifier of this vulnerability is VDB-259747.
π@cveNotify
GitHub
CVE/LaundryManagementSystemSQL4.md at main Β· fubxx/CVE
My CVE exploit repository. Contribute to fubxx/CVE development by creating an account on GitHub.
π¨ CVE-2024-0082
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering
π@cveNotify
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering
π@cveNotify
π¨ CVE-2024-0083
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure.
π@cveNotify
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure.
π@cveNotify
π¨ CVE-2024-27632
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
π@cveNotify
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
π@cveNotify
Medium
How I Found 3 CVEs in 2 Days
Author: Ally Petitt
π¨ CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
π@cveNotify
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
π@cveNotify
Packetstormsecurity
CallStranger UPnP Vulnerability Checker β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¨ CVE-2020-8284
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
π@cveNotify
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
π@cveNotify
π¨ CVE-2023-40551
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
π@cveNotify
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
π@cveNotify
π¨ CVE-2022-47037
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.
π@cveNotify
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.
π@cveNotify
π¨ CVE-2024-31135
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
π@cveNotify
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
π@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
π¨ CVE-2024-31137
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
π@cveNotify
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
π@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
π¨ CVE-2024-22949
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation.
π@cveNotify
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation.
π@cveNotify
π¨ CVE-2024-23079
JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double).
π@cveNotify
JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double).
π@cveNotify
π¨ CVE-2024-23081
ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate).
π@cveNotify
ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate).
π@cveNotify
π¨ CVE-2024-23084
Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]).
π@cveNotify
Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]).
π@cveNotify
π¨ CVE-2024-23584
The NMAP Importer serviceβ may expose data store credentials to authorized users of the Windows Registry.
π@cveNotify
The NMAP Importer serviceβ may expose data store credentials to authorized users of the Windows Registry.
π@cveNotify
Hcl-Software
Security Bulletin: HCL BigFix Asset Discovery is affected by a security vulnerability (CVE-2024-23584) - Customer Support
HCL BigFix Asset Discovery is affected by a security vulnerability (CVE-2024-23584).
π¨ CVE-2024-31047
An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.
π@cveNotify
An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.
π@cveNotify
GitHub
An integer overflow in file exrmultipart.cpp Β· Issue #1680 Β· AcademySoftwareFoundation/openexr
Describe the bug: Hi, I found an integer overflow issue in file exrmultipart.cpp To Reproduce: Steps to reproduce the behavior: export CC=afl-clang-fast CXX=afl-clang-fast++ export LD_LIBRARY_PATH=...
π¨ CVE-2024-25646
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.
π@cveNotify
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.
π@cveNotify
π¨ CVE-2024-27898
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality.
π@cveNotify
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality.
π@cveNotify
π¨ CVE-2024-27899
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.
π@cveNotify
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.
π@cveNotify