π¨ CVE-2024-39740
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.
π@cveNotify
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.
π@cveNotify
Ibmcloud
IBM X-Force Exchange
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
π¨ CVE-2024-39741
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010.
π@cveNotify
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010.
π@cveNotify
Ibmcloud
IBM X-Force Exchange
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
π¨ CVE-2024-6737
The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.
π@cveNotify
The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.
π@cveNotify
π¨ CVE-2024-6738
The tumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing unauthenticated remote attackers to obtain certain specific files by modifying the URL.
π@cveNotify
The tumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing unauthenticated remote attackers to obtain certain specific files by modifying the URL.
π@cveNotify
π¨ CVE-2024-36455
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.
π@cveNotify
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.
π@cveNotify
π¨ CVE-2024-36456
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.
π@cveNotify
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.
π@cveNotify
π¨ CVE-2024-36457
The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint.
π@cveNotify
The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint.
π@cveNotify
π¨ CVE-2024-36458
The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions.
π@cveNotify
The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions.
π@cveNotify
π¨ CVE-2024-38491
The vulnerability allows an unauthenticated attacker to read arbitrary information from the database.
π@cveNotify
The vulnerability allows an unauthenticated attacker to read arbitrary information from the database.
π@cveNotify
π¨ CVE-2024-38492
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.
π@cveNotify
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.
π@cveNotify
π¨ CVE-2024-38493
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
π@cveNotify
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
π@cveNotify
π¨ CVE-2024-38494
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.
π@cveNotify
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.
π@cveNotify
π¨ CVE-2024-6689
Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM.
π@cveNotify
Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM.
π@cveNotify
Baramundi
S-2024-01 ο½ baramundi
π¨ CVE-2023-24229
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
π¨ CVE-2024-36774
An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.
π@cveNotify
An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.
π@cveNotify
GitHub
VulDiscovery/poc.docx at main Β· OoLs5/VulDiscovery
Persional vulDiscovery . Contribute to OoLs5/VulDiscovery development by creating an account on GitHub.
π¨ CVE-2024-36775
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page.
π@cveNotify
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page.
π@cveNotify
GitHub
VulDiscovery/monstra_xss.pdf at main Β· OoLs5/VulDiscovery
Persional vulDiscovery . Contribute to OoLs5/VulDiscovery development by creating an account on GitHub.
π¨ CVE-2023-37539
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it.
π@cveNotify
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it.
π@cveNotify
Hcl-Software
Security Bulletin: The HCL Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability - Customerβ¦
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. Databases
π¨ CVE-2024-39887
An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection.
This issue affects Apache Superset: before 4.0.2.
Users are recommended to upgrade to version 4.0.2, which fixes the issue.
π@cveNotify
An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection.
This issue affects Apache Superset: before 4.0.2.
Users are recommended to upgrade to version 4.0.2, which fixes the issue.
π@cveNotify
π¨ CVE-2024-32504
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper length checking, which can result in an OOB (Out-of-Bounds) Write vulnerability.
π@cveNotify
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper length checking, which can result in an OOB (Out-of-Bounds) Write vulnerability.
π@cveNotify
Samsung Semiconductor Global
Product Security Update | Support | Samsung Semiconductor Global
Samsung semiconductor values product security. Check out the latest product security update at Samsung Semiconductor Global.
π¨ CVE-2024-32902
Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet)
π@cveNotify
Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet)
π@cveNotify
π¨ CVE-2024-32910
In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify