๐จ CVE-2022-44036
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it."
๐@cveNotify
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it."
๐@cveNotify
GitHub
b2evolution v7.2.5 hava a arbitrary file upload Vulnerability ยท Issue #121 ยท b2evolution/b2evolution
conf/_advanced.php -> $admins_can_manipulate_sensitive_files: set to true After the admin logged in, access URL http://localhost/index.php/a/extended-post, at "Drag & Drop files to uplo...
๐จ CVE-2023-38947
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.
๐@cveNotify
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.
๐@cveNotify
๐จ CVE-2024-30219
Active debug code vulnerability exists in MZK-MF300N all firmware versions. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed.
๐@cveNotify
Active debug code vulnerability exists in MZK-MF300N all firmware versions. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed.
๐@cveNotify
jvn.jp
JVNVU#91975826: Multiple vulnerabilities in PLANEX COMMUNICATIONS wireless LAN routers
Japan Vulnerability Notes
๐จ CVE-2024-30220
Command injection vulnerability in MZK-MF300N all firmware versions allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port.
๐@cveNotify
Command injection vulnerability in MZK-MF300N all firmware versions allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port.
๐@cveNotify
jvn.jp
JVNVU#91975826: Multiple vulnerabilities in PLANEX COMMUNICATIONS wireless LAN routers
Japan Vulnerability Notes
๐จ CVE-2024-31956
An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds Write.
๐@cveNotify
An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds Write.
๐@cveNotify
๐จ CVE-2024-36499
Vulnerability of unauthorized screenshot capturing in the WMS module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Vulnerability of unauthorized screenshot capturing in the WMS module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
๐จ CVE-2024-36500
Privilege escalation vulnerability in the AMS module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Privilege escalation vulnerability in the AMS module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
๐จ CVE-2024-36501
Memory management vulnerability in the boottime module
Impact: Successful exploitation of this vulnerability can affect integrity.
๐@cveNotify
Memory management vulnerability in the boottime module
Impact: Successful exploitation of this vulnerability can affect integrity.
๐@cveNotify
๐จ CVE-2024-22442
The vulnerability could be remotely exploited to bypass authentication.
๐@cveNotify
The vulnerability could be remotely exploited to bypass authentication.
๐@cveNotify
๐จ CVE-2024-33180
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo.
๐@cveNotify
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo.
๐@cveNotify
palm-vertebra-fe9 on Notion
saveParentControlInfo_1 | Notion
Overview
๐จ CVE-2024-33182
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter.
๐@cveNotify
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter.
๐@cveNotify
palm-vertebra-fe9 on Notion
addWifiMacFilter_1 | Notion
Overview
๐จ CVE-2024-35338
Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.
๐@cveNotify
Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.
๐@cveNotify
palm-vertebra-fe9 on Notion
Tenda i29v1.0 was discovered to contain a hardcoded | Notion
Overview
๐จ CVE-2024-40322
An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerablity via /admin/div_data/data
๐@cveNotify
An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerablity via /admin/div_data/data
๐@cveNotify
GitHub
CVE/JFinalCMS_SQL.md at main ยท KakeruJ/CVE
Contribute to KakeruJ/CVE development by creating an account on GitHub.