🚨 CVE-2024-6655
A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.
@cveNotify
🚨 CVE-2017-10955
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. When parsing the preScript parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. Was ZDI-CAN-4697. NOTE: Dell EMC disputes that this is a vulnerability.
🚨 CVE-2022-44036
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it."
GitHub
b2evolution v7.2.5 hava a arbitrary file upload Vulnerability · Issue #121 · b2evolution/b2evolution
conf/_advanced.php -> $admins_can_manipulate_sensitive_files: set to true After the admin logged in, access URL http://localhost/index.php/a/extended-post, at "Drag & Drop files to uplo...
🚨 CVE-2023-38947
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.
🚨 CVE-2024-30219
Active debug code vulnerability exists in MZK-MF300N all firmware versions. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed.
jvn.jp
JVNVU#91975826: Multiple vulnerabilities in PLANEX COMMUNICATIONS wireless LAN routers
Japan Vulnerability Notes
🚨 CVE-2024-30220
Command injection vulnerability in MZK-MF300N all firmware versions allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port.
jvn.jp
JVNVU#91975826: Multiple vulnerabilities in PLANEX COMMUNICATIONS wireless LAN routers
Japan Vulnerability Notes
🚨 CVE-2024-31956
An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds Write.
🚨 CVE-2024-36499
Vulnerability of unauthorized screenshot capturing in the WMS module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
🚨 CVE-2024-36500
Privilege escalation vulnerability in the AMS module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
🚨 CVE-2024-36501
Memory management vulnerability in the boottime module
Impact: Successful exploitation of this vulnerability can affect integrity.
🚨 CVE-2024-22442
The vulnerability could be remotely exploited to bypass authentication.
🚨 CVE-2024-33180
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo.
palm-vertebra-fe9 on Notion
saveParentControlInfo_1 | Notion
🚨 CVE-2024-33182
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter.
palm-vertebra-fe9 on Notion
addWifiMacFilter_1 | Notion
🚨 CVE-2024-35338
Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.
palm-vertebra-fe9 on Notion
Tenda i29v1.0 was discovered to contain a hardcoded | Notion
🚨 CVE-2024-40322
An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerability via /admin/div_data/data.
GitHub
CVE/JFinalCMS_SQL.md at main · KakeruJ/CVE