π¨ CVE-2024-37343
There is a cross-site scripting vulnerability in the Secure
Access administrative console of Absolute Secure Access prior to version 13.06.
Attackers with valid tunnel credentials can pass a limited-length script to the
administrative console which is then temporarily stored where an administrator
using a non-default configuration could click on it while the attacker has a
valid tunnel session with the server. The scope is unchanged, there is no loss
of confidentiality. Impact to system availability is none, impact to system
integrity is high.
π@cveNotify
There is a cross-site scripting vulnerability in the Secure
Access administrative console of Absolute Secure Access prior to version 13.06.
Attackers with valid tunnel credentials can pass a limited-length script to the
administrative console which is then temporarily stored where an administrator
using a non-default configuration could click on it while the attacker has a
valid tunnel session with the server. The scope is unchanged, there is no loss
of confidentiality. Impact to system availability is none, impact to system
integrity is high.
π@cveNotify
Absolute
CVE-2024-37343 | Secure Access 13.06 | Absolute Security
Cross-site scripting vulnerability in the Secure Access administrative console prior to 13.06
π¨ CVE-2024-37344
There is a cross-site scripting vulnerability in the Policy
management UI of Absolute Secure Access prior to version 13.06. Attackers with
system administrator permissions can interfere with another system
administratorβs use of the policy management UI when the administrators are
editing the same policy object. The scope is unchanged, there is no loss of
confidentiality. Impact to system availability is none, impact to system
integrity is high.
π@cveNotify
There is a cross-site scripting vulnerability in the Policy
management UI of Absolute Secure Access prior to version 13.06. Attackers with
system administrator permissions can interfere with another system
administratorβs use of the policy management UI when the administrators are
editing the same policy object. The scope is unchanged, there is no loss of
confidentiality. Impact to system availability is none, impact to system
integrity is high.
π@cveNotify
Absolute
CVE-2024-37344 | Secure Access 13.06 | Absolute Security
Cross-site scripting vulnerability in the Secure Access administrative console prior to 13.06
π¨ CVE-2024-37345
There is a cross-site scripting vulnerability in the Secure
Access administrative UI of Absolute Secure Access prior to version 13.06.
Attackers can pass a limited-length script to the administrative UI which is
then stored where an administrator can access it. The scope is unchanged, there
is no loss of confidentiality. Impact to system availability is none, impact to
system integrity is high
π@cveNotify
There is a cross-site scripting vulnerability in the Secure
Access administrative UI of Absolute Secure Access prior to version 13.06.
Attackers can pass a limited-length script to the administrative UI which is
then stored where an administrator can access it. The scope is unchanged, there
is no loss of confidentiality. Impact to system availability is none, impact to
system integrity is high
π@cveNotify
Absolute
CVE-2024-37345 | Secure Access 13.06 | Absolute Security
Cross-site scripting vulnerability in the Secure Access administrative console prior to 13.06
π¨ CVE-2024-37347
There is a cross-site scripting vulnerability in the pool
configuration component of the management UI of Absolute Secure Access prior to
13.06. Attackers with system administrator permissions can pass a limited
length script to be run by another administrator. The scope is unchanged, there
is no loss of confidentiality. Impact to system integrity is high, impact to
system availability is none.
π@cveNotify
There is a cross-site scripting vulnerability in the pool
configuration component of the management UI of Absolute Secure Access prior to
13.06. Attackers with system administrator permissions can pass a limited
length script to be run by another administrator. The scope is unchanged, there
is no loss of confidentiality. Impact to system integrity is high, impact to
system availability is none.
π@cveNotify
Absolute
CVE-2024-37347 | Secure Access 13.06 | Absolute Security
Cross-site scripting vulnerability in the Secure Access administrative console prior to 13.06
π¨ CVE-2024-7212
A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268_B20220504. This issue affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272783. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268_B20220504. This issue affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272783. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
π¨ CVE-2024-7217
A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. This vulnerability affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. This vulnerability affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
π¨ CVE-2024-5745
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-267414 is the identifier assigned to this vulnerability.
π@cveNotify
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-267414 is the identifier assigned to this vulnerability.
π@cveNotify
GitHub
CVE/07_06_2024_a.md at main Β· L1OudFd8cl09/CVE
Contribute to L1OudFd8cl09/CVE development by creating an account on GitHub.
π¨ CVE-2013-0346
Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
π@cveNotify
Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
π@cveNotify
π¨ CVE-2024-20005
In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599.
π@cveNotify
In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599.
π@cveNotify
MediaTek
March 2024
π¨ CVE-2024-20027
In da, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541633.
π@cveNotify
In da, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541633.
π@cveNotify
MediaTek
March 2024
π¨ CVE-2024-27564
A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.
π@cveNotify
A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.
π@cveNotify
GitHub
SSRF vulnerability in `pictureproxy.php` File Β· Issue #114 Β· dirk1983/deepseek
SSRF vulnerability in pictureproxy.php File (chatgpt) 0x01 Affected version vendor: https://github.com/dirk1983/chatgpt version: [release]((f9f4bbc)) php version: 7.x 0x02 Vulnerability description...
π¨ CVE-2023-49979
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.
π@cveNotify
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.
π@cveNotify
GitHub
GitHub - geraldoalcantara/CVE-2023-49979: Best Student Management System v1.0 - Incorrect Access Control - Directory Listing
Best Student Management System v1.0 - Incorrect Access Control - Directory Listing - geraldoalcantara/CVE-2023-49979
π¨ CVE-2024-2053
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.
π@cveNotify
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.
π@cveNotify
seclists.org
Full Disclosure: KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
π¨ CVE-2024-22724
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.
π@cveNotify
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.
π@cveNotify
GitHub
Security Issues in osCommerce v4 Β· Issue #62 Β· osCommerce/osCommerce-V4
RCE via file upload bypass Hello team, I have identified a security vulnerability while editing the administrator's profile picture. By manipulating the file extension from 'shell.gif' ...
π¨ CVE-2024-29684
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.
π@cveNotify
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.
π@cveNotify
GitHub
cms/1.md at main Β· iimiss/cms
Contribute to iimiss/cms development by creating an account on GitHub.
π¨ CVE-2023-50895
In Janitza GridVis through 9.0.66, exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject project load functionality allow remote authenticated administrative users to execute arbitrary Groovy code.
π@cveNotify
In Janitza GridVis through 9.0.66, exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject project load functionality allow remote authenticated administrative users to execute arbitrary Groovy code.
π@cveNotify
Code-White
CODE WHITE - Finest Hacking
Official website of the CODE WHITE GmbH.
π¨ CVE-2023-40289
A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.
π@cveNotify
A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.
π@cveNotify
π¨ CVE-2023-45927
S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf().
π@cveNotify
S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf().
π@cveNotify
π¨ CVE-2024-28335
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the "lektor server" command.
π@cveNotify
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the "lektor server" command.
π@cveNotify
Brave
Localhost Resource Permission | Brave
Starting in version 1.54, Brave for desktop and Android will include more powerful features for controlling which sites can access local network resources, and for how long.
π¨ CVE-2024-33787
Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQL injection vulnerability via the tuser_Number parameter at search_user.aspx.
π@cveNotify
Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQL injection vulnerability via the tuser_Number parameter at search_user.aspx.
π@cveNotify
GitHub
VulnerabilityReport/hengan_weighing_management_information_query_platform.md at main Β· jiankeguyue/VulnerabilityReport
This is the territory for me to release vulnerability messages. - jiankeguyue/VulnerabilityReport
π¨ CVE-2024-33844
The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.
π@cveNotify
The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.
π@cveNotify