๐จ CVE-2024-41249
An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details.
๐@cveNotify
An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details.
๐@cveNotify
GitHub
CVE_Writeup/Kashipara/Responsive School Management System v3.2.0/Broken Access Control - Admin - View Subjects.pdf at main ยท tโฆ
Contribute to takekaramey/CVE_Writeup development by creating an account on GitHub.
๐จ CVE-2024-41251
An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration.
๐@cveNotify
An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration.
๐@cveNotify
GitHub
CVE_Writeup/Kashipara/Responsive School Management System v3.2.0/Broken Access Control - Admin Dashboard - Registered Teacher.pdfโฆ
Contribute to takekaramey/CVE_Writeup development by creating an account on GitHub.
๐จ CVE-2024-41252
An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration.
๐@cveNotify
An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration.
๐@cveNotify
GitHub
CVE_Writeup/Kashipara/Responsive School Management System v3.2.0/Broken Access Control - Admin Dashboard - Registered Student.pdfโฆ
Contribute to takekaramey/CVE_Writeup development by creating an account on GitHub.
๐จ CVE-2024-41308
An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
๐@cveNotify
An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
๐@cveNotify
Blogspot
Enjay CRM 1.0 - Multiple code executions via Unrestricted Terminal
๐จ CVE-2024-41309
An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
๐@cveNotify
An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
๐@cveNotify
Blogspot
Enjay CRM 1.0 - Multiple code executions via Unrestricted Terminal
๐จ CVE-2024-41432
An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can bypass account lockout mechanisms during attempts to log into admin accounts, spoof IP addresses in requests sent to the server, and impersonate IP addresses that have logged into user accounts, etc.
๐@cveNotify
An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can bypass account lockout mechanisms during attempts to log into admin accounts, spoof IP addresses in requests sent to the server, and impersonate IP addresses that have logged into user accounts, etc.
๐@cveNotify
๐จ CVE-2024-29209
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and integrity of the update server.
The application periodically checks for updates by querying a specific URL. However, this process does not enforce strict SSL/TLS verification, nor does it validate the digital signature of the received update files. An attacker with the capability to perform DNS spoofing can exploit this weakness. By manipulating DNS responses, the attacker can redirect the application's update requests to a malicious server under their control.
Once the application queries the spoofed update URL, the malicious server can respond with a crafted update package. Since the application fails to properly verify the authenticity of the update file, it will accept and execute the package, leading to arbitrary code execution on the host machine.
Impact:
Successful exploitation of this vulnerability allows an attacker to execute code with elevated privileges, potentially leading to data theft, installation of further malware, or other malicious activities on the host system.
Affected Products:
Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11
Second Chance Client versions 2.0.0-2.0.9
PIQ Client versions 1.0.0-1.0.15
Remediation:
Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4, which addresses this vulnerability by implementing proper SSL/TLS checks of the update server. It is also recommended to ensure DNS settings are secure to prevent DNS spoofing attacks.
Workarounds:
Use secure corporate networks or VPN services to secure network communications, which can help mitigate the risk of DNS spoofing.
Credits:
This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor.
๐@cveNotify
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and integrity of the update server.
The application periodically checks for updates by querying a specific URL. However, this process does not enforce strict SSL/TLS verification, nor does it validate the digital signature of the received update files. An attacker with the capability to perform DNS spoofing can exploit this weakness. By manipulating DNS responses, the attacker can redirect the application's update requests to a malicious server under their control.
Once the application queries the spoofed update URL, the malicious server can respond with a crafted update package. Since the application fails to properly verify the authenticity of the update file, it will accept and execute the package, leading to arbitrary code execution on the host machine.
Impact:
Successful exploitation of this vulnerability allows an attacker to execute code with elevated privileges, potentially leading to data theft, installation of further malware, or other malicious activities on the host system.
Affected Products:
Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11
Second Chance Client versions 2.0.0-2.0.9
PIQ Client versions 1.0.0-1.0.15
Remediation:
Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4, which addresses this vulnerability by implementing proper SSL/TLS checks of the update server. It is also recommended to ensure DNS settings are secure to prevent DNS spoofing attacks.
Workarounds:
Use secure corporate networks or VPN services to secure network communications, which can help mitigate the risk of DNS spoofing.
Credits:
This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor.
๐@cveNotify
KnowBe4 Knowledge Base
CVE-2024-29209
Title
CVE-2024-29209: Insufficient Domain Verification could lead to RCE in Outlook PAB (Phish Alert Button) via DNS Spoofing
Description
A medium severity vulnerability has been identified in the ...
CVE-2024-29209: Insufficient Domain Verification could lead to RCE in Outlook PAB (Phish Alert Button) via DNS Spoofing
Description
A medium severity vulnerability has been identified in the ...
๐จ CVE-2024-35009
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
๐@cveNotify
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
๐@cveNotify
GitHub
cms/5.md at main ยท Thirtypenny77/cms
Contribute to Thirtypenny77/cms development by creating an account on GitHub.
๐1
๐จ CVE-2024-4965
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264533 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
๐@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264533 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
๐@cveNotify
๐จ CVE-2024-21823
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access.
๐@cveNotify
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access.
๐@cveNotify
๐จ CVE-2024-36048
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
๐@cveNotify
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
๐@cveNotify
๐จ CVE-2024-34949
SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint.
๐@cveNotify
SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint.
๐@cveNotify
charm-august-88a on Notion
CVE-2024-34949 - SQL injection vulnerability in Likeshop 2.5.7 | Notion
Hello everyone, I'm tltp188. Today, I want to share an analysis about the CVE-2024-34949 SQL injection security vulnerability through the OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint.
๐จ CVE-2024-35579
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv.
๐@cveNotify
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv.
๐@cveNotify
๐จ CVE-2024-36597
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.
๐@cveNotify
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.
๐@cveNotify
GitHub
CVE-Aslam-mahi/vendors/projectworlds.in/AEGON LIFE v1.0 Life Insurance Management System/CVE-2024-36597 at 9ec0572c68bfd3708a7โฆ
Contribute to kaliankhe/CVE-Aslam-mahi development by creating an account on GitHub.
๐จ CVE-2024-6066
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268794 is the identifier assigned to this vulnerability.
๐@cveNotify
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268794 is the identifier assigned to this vulnerability.
๐@cveNotify
GitHub
CVE/SourceCodester_House_Rental_Management_System_Sqli.md at main ยท jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
๐จ CVE-2024-40898
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.
Users are recommended to upgrade to version 2.4.62 which fixes this issue.
๐@cveNotify
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.
Users are recommended to upgrade to version 2.4.62 which fixes this issue.
๐@cveNotify
httpd.apache.org
Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project
๐จ CVE-2024-27765
Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.
๐@cveNotify
Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.
๐@cveNotify
Gitee
JeeWMS/JeeWMS: JeeWMS ๆฏๅบไบJavaๅ
จๆ ๆๆฏๆ้ ็ๆบ่ฝไปๅจไธญๆข็ณป็ป๏ผๅ
ทๅคๅคๅฝขๆไปๅจๅบๆฏๆทฑๅบฆ้้
่ฝๅ๏ผๅ
ผๅฎน3PL็ฌฌไธๆน็ฉๆตไธๅๅ
็ฉๆตๅๆจกๅผ๏ผใ็ณป็ป้่ฟPDAๆบ่ฝ็ป็ซฏไธWEB็ฎก็ๅนณๅฐๅ็ซฏๅๅ๏ผๆๅปบไบๆถต็ไปๅจ็ฎก็(WMS)ใ่ฎขๅๅๅ(Oโฆ
๐จ CVE-2023-50702
Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%\SSCService). Consequently, low-privileged users can execute arbitrary code as LocalSystem.
๐@cveNotify
Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%\SSCService). Consequently, low-privileged users can execute arbitrary code as LocalSystem.
๐@cveNotify
๐จ CVE-2023-5397
Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
๐@cveNotify
Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
๐@cveNotify
๐จ CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering
๐@cveNotify
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering
๐@cveNotify
Chocapikk
Exploring DerbyNet Vulnerabilities: A Compilation of CVEs from 2024 - Chocapikk's Cybersecurity Blog
A Comprehensive Analysis of Ten Critical Vulnerabilities in DerbyNet v9.0: From Cross-Site Scripting to SQL Injection