🚨 CVE-2024-29972
** UNSUPPORTED WHEN ASSIGNED **
The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
🎖@cveNotify
** UNSUPPORTED WHEN ASSIGNED **
The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
🎖@cveNotify
Outpost24
Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation)
How Outpost24’s vulnerability research team found five vulnerabilities in Zyxel NAS devices.
🚨 CVE-2024-29973
** UNSUPPORTED WHEN ASSIGNED **
The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
🎖@cveNotify
** UNSUPPORTED WHEN ASSIGNED **
The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
🎖@cveNotify
Outpost24
Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation)
How Outpost24’s vulnerability research team found five vulnerabilities in Zyxel NAS devices.
🚨 CVE-2024-29974
** UNSUPPORTED WHEN ASSIGNED **
The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.
🎖@cveNotify
** UNSUPPORTED WHEN ASSIGNED **
The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.
🎖@cveNotify
Outpost24
Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation)
How Outpost24’s vulnerability research team found five vulnerabilities in Zyxel NAS devices.
🚨 CVE-2024-29975
** UNSUPPORTED WHEN ASSIGNED **
The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.
🎖@cveNotify
** UNSUPPORTED WHEN ASSIGNED **
The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.
🎖@cveNotify
Outpost24
Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation)
How Outpost24’s vulnerability research team found five vulnerabilities in Zyxel NAS devices.
🚨 CVE-2024-29976
** UNSUPPORTED WHEN ASSIGNED **
The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device.
🎖@cveNotify
** UNSUPPORTED WHEN ASSIGNED **
The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device.
🎖@cveNotify
Outpost24
Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation)
How Outpost24’s vulnerability research team found five vulnerabilities in Zyxel NAS devices.
🚨 CVE-2024-29506
Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
🎖@cveNotify
Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
🎖@cveNotify
🚨 CVE-2024-6567
The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
🎖@cveNotify
The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
🎖@cveNotify
🚨 CVE-2024-7376
A vulnerability, which was classified as critical, was found in SourceCodester Simple Realtime Quiz System 1.0. Affected is an unknown function of the file /print_quiz_records.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273360.
🎖@cveNotify
A vulnerability, which was classified as critical, was found in SourceCodester Simple Realtime Quiz System 1.0. Affected is an unknown function of the file /print_quiz_records.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273360.
🎖@cveNotify
Gist
sourcecodester_Simple Realtime Quiz System_SQL_INJECTION_8.md
GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2024-7377
A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_result.php. The manipulation of the argument qid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273361 was assigned to this vulnerability.
🎖@cveNotify
A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_result.php. The manipulation of the argument qid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273361 was assigned to this vulnerability.
🎖@cveNotify
Gist
sourcecodester_Simple Realtime Quiz System_SQL_INJECTION_9.md
GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2024-33665
angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks.
🎖@cveNotify
angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks.
🎖@cveNotify
Herodevs
Vulnerability Directory | End-of-Life Open Source Software | HeroDevs
These frameworks in your tech stack are vulnerable. Switch to Never-Ending Support from HeroDevs to immediately mitigate these vulnerabilities.
🚨 CVE-2024-33308
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
🎖@cveNotify
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
🎖@cveNotify
GitHub
GitHub - aaravavi/TVS-Connect-Application-VAPT: This repository contains a detailed list of all the vulnerabilities, found accorss…
This repository contains a detailed list of all the vulnerabilities, found accorss the TVS Connect mobile application by the security team at FEV LTD. - aaravavi/TVS-Connect-Application-VAPT
🚨 CVE-2024-33309
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
🎖@cveNotify
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
🎖@cveNotify
GitHub
GitHub - aaravavi/TVS-Connect-Application-VAPT: This repository contains a detailed list of all the vulnerabilities, found accorss…
This repository contains a detailed list of all the vulnerabilities, found accorss the TVS Connect mobile application by the security team at FEV LTD. - aaravavi/TVS-Connect-Application-VAPT
🚨 CVE-2024-33103
An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of the product.
🎖@cveNotify
An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of the product.
🎖@cveNotify
GitHub
DokuWiki 2024-02-06a has a stored XSS vulnerability · Issue #4267 · dokuwiki/dokuwiki
Summary DokuWiki 2024-02-06a has a storage XSS vulnerability, an attacker can upload a malicious svg file to obtain other users' cookies. Details We found that in the Media Manager, it is allow...
🚨 CVE-2024-34149
In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check (for example, because they agree with the objective but disagree with the technical mechanism, or because they have a different objective).
🎖@cveNotify
In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check (for example, because they agree with the objective but disagree with the technical mechanism, or because they have a different objective).
🎖@cveNotify
GitHub
Policy: Enforce witness script size limit for tapscript by luke-jr · Pull Request #29769 · bitcoin/bitcoin
Tapscript is missing the policy size limit check. The limit is inconsistent between witness and scriptSig, so for now this uses the (higher) witness size limit.
We should probably unify these on a ...
We should probably unify these on a ...
🚨 CVE-2024-34449
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.
🎖@cveNotify
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.
🎖@cveNotify
GitHub
vditor/README_en_US.md at b3a14d6e4462b0c17141e1fcc66173264ada64e0 · Vanessa219/vditor
♏ 一款浏览器端的 Markdown 编辑器,支持所见即所得(富文本)、即时渲染(类似 Typora)和分屏预览模式。An In-browser Markdown editor, support WYSIWYG (Rich Text), Instant Rendering (Typora-like) and Split View modes. - Vanessa219/vditor
🚨 CVE-2024-34523
AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
GitHub
AChecker/checker/download.php at main · inclusive-design/AChecker
Automated interactive Web content accessibility checker. - inclusive-design/AChecker
🚨 CVE-2024-34365
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
🚨 CVE-2024-34749
Phormer prior to version 3.35 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote unauthenticated attacker may execute an arbitrary script on the web browser of the user.
🎖@cveNotify
Phormer prior to version 3.35 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote unauthenticated attacker may execute an arbitrary script on the web browser of the user.
🎖@cveNotify
p.horm.org
Phormer, the PHP without MySQL PhotoGallery Manager
🚨 CVE-2024-34997
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content.
🎖@cveNotify
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content.
🎖@cveNotify
GitHub
an unsafe use of pickle · Issue #1582 · joblib/joblib
Python 3.9.13, joblib 1.4.2 joblib.numpy_pickle::NumpyArrayWrapper().read_array() use pickle.load() to deserialize data, which may allows to execute evil code locally,if the project runs on a publi...
🚨 CVE-2024-33900
KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
🎖@cveNotify
KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
🎖@cveNotify
Gist
POC: CVE-2024-33900, CVE-2024-33901
POC: CVE-2024-33900, CVE-2024-33901. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2024-33901
Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
🎖@cveNotify
Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
🎖@cveNotify
Gist
POC: CVE-2024-33900, CVE-2024-33901
POC: CVE-2024-33900, CVE-2024-33901. GitHub Gist: instantly share code, notes, and snippets.