๐จ CVE-2024-33957
SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'id' in '/admin/orders/controller.php' parameter
๐@cveNotify
SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'id' in '/admin/orders/controller.php' parameter
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i
๐จ CVE-2024-33958
SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'phonenumber' in '/passwordrecover.php' parameter.
๐@cveNotify
SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'phonenumber' in '/passwordrecover.php' parameter.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i
๐จ CVE-2024-33959
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'categ' in '/admin/mod_reports/printreport.php' parameter.
๐@cveNotify
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'categ' in '/admin/mod_reports/printreport.php' parameter.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i
๐จ CVE-2024-33975
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'view' parameter in '/admin/products/index.php'.
๐@cveNotify
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'view' parameter in '/admin/products/index.php'.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i
๐จ CVE-2024-33976
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'id' parameter in '/admin/user/index.php'.
๐@cveNotify
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'id' parameter in '/admin/user/index.php'.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i
๐จ CVE-2024-33977
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'.
๐@cveNotify
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i
๐จ CVE-2024-33978
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'category' parameter in '/index.php'.
๐@cveNotify
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'category' parameter in '/index.php'.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i
๐จ CVE-2024-33979
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'q', 'arrival', 'departure' and 'accomodation' parameters in '/index.php'.
๐@cveNotify
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'q', 'arrival', 'departure' and 'accomodation' parameters in '/index.php'.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i
๐จ CVE-2024-33980
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/printreport.php'.
๐@cveNotify
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/printreport.php'.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i
๐จ CVE-2024-33981
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/index.php'.
๐@cveNotify
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/index.php'.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i
๐จ CVE-2024-7246
It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values.
This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table.
Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.
๐@cveNotify
It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values.
This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table.
Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.
๐@cveNotify
GitHub
Unparseable metadata error desperately needs better error response ยท Issue #36245 ยท grpc/grpc
What version of gRPC and what language are you using? 1.59.4 (but it's not fixed later), C++ What did you do? Send an http-based grpc request with (for example) header x-bin: $$$ What did you e...
๐จ CVE-2024-7317
The Folders โ Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
๐@cveNotify
The Folders โ Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
๐@cveNotify
๐จ CVE-2014-4608
Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype.
๐@cveNotify
Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype.
๐@cveNotify
Securitymouse
Raising Lazarus - The 20 Year Old Bug that Went to Mars
Advancements in information security research focusing on tracking, privacy, wireless, mobile, and international defense.
๐จ CVE-2014-5160
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.
๐@cveNotify
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.
๐@cveNotify
Zerodayinitiative
Maintenance | Zero Day Initiative
๐จ CVE-2024-5179
The Cowidgets โ Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other โsafeโ file types can be uploaded and included.
๐@cveNotify
The Cowidgets โ Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other โsafeโ file types can be uploaded and included.
๐@cveNotify
๐จ CVE-2024-6729
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /control/add_act.php. The manipulation of the argument aname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271402 is the identifier assigned to this vulnerability.
๐@cveNotify
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /control/add_act.php. The manipulation of the argument aname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271402 is the identifier assigned to this vulnerability.
๐@cveNotify
Casino020
Beste Online Casino Zonder Cruks 2025 โ Veilig Spelen Zonder Beperkingen Casino020
Zoek je informatie over het Beste Online Casino Zonder Cruks Casino020? Op deze pagina lees je alles over gokken zonder Cruks in Nederland.
๐จ CVE-2024-33960
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in '/admin/mod_reports/printreport.php' parameter.
๐@cveNotify
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in '/admin/mod_reports/printreport.php' parameter.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i
๐จ CVE-2024-33961
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/controller.php' parameter.
๐@cveNotify
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/controller.php' parameter.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i
๐จ CVE-2024-33962
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/index.php' parameter.
๐@cveNotify
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/index.php' parameter.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i
๐จ CVE-2024-33963
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_room/index.php' parameter.
๐@cveNotify
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_room/index.php' parameter.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i
๐จ CVE-2024-33964
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_users/index.php' parameter.
๐@cveNotify
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_users/index.php' parameter.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Janobe products
INCIBE has coordinated the publication of 40 vulnerabilities affecting Janobe, a payment system that i