🚨 CVE-2024-36597
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.
🎖@cveNotify
GitHub
CVE-Aslam-mahi/vendors/projectworlds.in/AEGON LIFE v1.0 Life Insurance Management System/CVE-2024-36597 at 9ec0572c68bfd3708a7…
🚨 CVE-2024-6066
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268794 is the identifier assigned to this vulnerability.
🎖@cveNotify
GitHub
CVE/SourceCodester_House_Rental_Management_System_Sqli.md at main · jadu101/CVE
🚨 CVE-2024-40898
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context allows an attacker to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests.
Users are recommended to upgrade to version 2.4.62, which fixes this issue.
🎖@cveNotify
httpd.apache.org
Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project
🚨 CVE-2024-27765
Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.
🎖@cveNotify
Gitee
JeeWMS/JeeWMS: JeeWMS is an intelligent warehousing hub system built on a full Java stack, with deep adaptation to multiple warehousing scenarios (supporting both 3PL third-party logistics and in-plant logistics). Through a PDA handheld terminal working together with a web management platform, the system covers warehouse management (WMS), order collaboration (O…
🚨 CVE-2023-50702
Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%\SSCService). Consequently, low-privileged users can execute arbitrary code as LocalSystem.
🎖@cveNotify
🚨 CVE-2023-5397
A server that receives a malformed message to create a new connection could allow an attacker to achieve remote code execution or cause a failure. See the Honeywell Security Notification for recommendations on upgrading and versioning.
🎖@cveNotify
🚨 CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering
🎖@cveNotify
Chocapikk
Exploring DerbyNet Vulnerabilities: A Compilation of CVEs from 2024 - Chocapikk's Cybersecurity Blog
A Comprehensive Analysis of Ten Critical Vulnerabilities in DerbyNet v9.0: From Cross-Site Scripting to SQL Injection
🚨 CVE-2023-50008
Buffer overflow vulnerability in FFmpeg n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9.
🎖@cveNotify
GitHub
avfilter/vf_colorcorrect: fix memory leaks · FFmpeg/FFmpeg@5f87a68
🚨 CVE-2024-22633
Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request.
🎖@cveNotify
🚨 CVE-2024-37884
Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3.
🎖@cveNotify
GitHub
Users can delete old versions of read-only shared files
### Impact
A malicious user was able to send delete requests for old versions of files they only got shared with read permissions.
### Patches
It is recommended that the Nextcloud Server i...
🚨 CVE-2024-38301
Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure.
🎖@cveNotify
🚨 CVE-2024-6652
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file manage_member.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271059.
🎖@cveNotify
GitHub
Itsourcecode Gym Management System Project In PHP With Source Code v1.0 manage_member.php SQL injection · Issue #1 · littletree7/cve
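The SQL injection entries above (CVE-2024-36597 via client_id in clientStatus.php, CVE-2024-6066 via month_of in payment_report.php, CVE-2024-30923 via the where clause in DerbyNet, and CVE-2024-6652 via id in manage_member.php) all describe the same defect: a request parameter pasted into the SQL text. The following is an added example, not code from any of those projects; it uses an in-memory SQLite table with made-up column names to show the vulnerable pattern next to its parameterised replacement, and how a tautology and a UNION payload behave against each.

```python
import sqlite3

# Constructed in-memory stand-in for the PHP applications' database; the table
# and column names are assumptions for this example, not the projects' schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE clients (client_id INTEGER, name TEXT, status TEXT)")
    conn.executemany(
        "INSERT INTO clients VALUES (?, ?, ?)",
        [(1, "alice", "active"), (2, "bob", "lapsed"), (3, "carol", "active")],
    )
    return conn

def client_status_vulnerable(conn, client_id):
    """The pattern behind these advisories: a request parameter pasted into the SQL text.

    Equivalent to PHP's  $q = "SELECT ... WHERE client_id = '" . $_GET['client_id'] . "'";
    """
    sql = "SELECT name, status FROM clients WHERE client_id = '" + client_id + "'"
    return conn.execute(sql).fetchall()

def client_status_safe(conn, client_id):
    """Parameterised query: the value travels separately from the statement, so
    quotes, OR/UNION keywords and comment markers inside it can never become SQL."""
    return conn.execute(
        "SELECT name, status FROM clients WHERE client_id = ?", (client_id,)
    ).fetchall()

# Two classic payloads: a tautology that widens the WHERE clause, and a UNION that
# reads rows the caller was never meant to see. The trailing -- comments out the
# closing quote the application appends.
TAUTOLOGY = "1' OR '1'='1"
UNION = "0' UNION SELECT name, status FROM clients --"

def demo():
    """Run both resolvers against a normal value and both payloads."""
    conn = make_db()
    return {
        "vulnerable_normal": client_status_vulnerable(conn, "1"),
        "vulnerable_tautology": client_status_vulnerable(conn, TAUTOLOGY),
        "vulnerable_union": client_status_vulnerable(conn, UNION),
        "safe_normal": client_status_safe(conn, "1"),
        "safe_tautology": client_status_safe(conn, TAUTOLOGY),
        "safe_union": client_status_safe(conn, UNION),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:22s} -> {rows}")
```

Against the concatenated query both payloads return every row; against the bound parameter the same strings are compared as literal text and match nothing. The PHP equivalent of the safe form is a mysqli prepared statement (`$stmt = $mysqli->prepare("SELECT name, status FROM clients WHERE client_id = ?"); $stmt->bind_param("i", $client_id);`), which is the fix these advisories call for; escaping or blacklisting quotes is not a substitute.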
🚨 CVE-2019-20471
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.
🎖@cveNotify
seclists.org
Full Disclosure: Bunch of IoT CVEs
🚨 CVE-2024-20701
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
🚨 CVE-2024-21449
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
🚨 CVE-2024-35256
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
🚨 CVE-2024-35271
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
🚨 CVE-2024-37319
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
🚨 CVE-2024-37320
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
🚨 CVE-2024-24307
Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method.
🎖@cveNotify
GitHub
security-advisories/_posts/2024-02-29-productdesigner-22.md at main · friends-of-presta/security-advisories
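Both directory traversal entries (CVE-2024-27765 in the Jeewms cgformTemplateController component and CVE-2024-24307 in the productdesigner module's ajaxProcessCropImage() method) come down to a file name from the request being joined onto a base directory without a containment check. The following is an added example, not code from either project; the template directory path and the request values are constructed for illustration. It shows the naive lookup next to a hardened resolver that canonicalises the path and checks containment with commonpath, which also catches the sibling-prefix case that a plain startswith check misses.

```python
import os
from urllib.parse import unquote

# Hypothetical template directory; the real Jeewms and productdesigner paths are not on the page.
TEMPLATE_DIR = "/srv/app/templates"

def resolve_vulnerable(base_dir, name):
    """What a naive file lookup does: join the request value to the base directory.
    normpath happily collapses ../ segments, so the result can point anywhere."""
    return os.path.normpath(os.path.join(base_dir, name))

def resolve_safe(base_dir, name):
    """Canonicalise, then check containment on the canonical paths.
    Compare with commonpath, not startswith: '/srv/app/templates-old' starts with
    '/srv/app/templates' but is not inside it. An absolute name makes os.path.join
    discard the base entirely, which the same check also rejects."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"{name!r} resolves outside {base_dir}")
    return candidate

def is_rejected(base_dir, name):
    """True when the hardened resolver refuses the name."""
    try:
        resolve_safe(base_dir, name)
    except ValueError:
        return True
    return False

# Constructed request values: a benign name, a dotted traversal, the same traversal
# URL-encoded, an absolute path, and a sibling directory sharing the base's prefix.
# Web frameworks normally URL-decode once before the handler sees the value;
# unquote() reproduces that step so the check runs on the decoded string.
SAMPLES = [
    "report.html",
    "../../../etc/passwd",
    "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "/etc/passwd",
    "../templates-old/secret.cfg",
]

def run(base_dir=TEMPLATE_DIR):
    """Map each raw request value to (naive result, rejected by hardened resolver)."""
    results = {}
    for raw in SAMPLES:
        name = unquote(raw)
        results[raw] = (resolve_vulnerable(base_dir, name), is_rejected(base_dir, name))
    return results

if __name__ == "__main__":
    for raw, (where, rejected) in run().items():
        print(f"{raw:35s} naive -> {where:40s} hardened -> {'REJECTED' if rejected else 'ok'}")
```

Only the benign name survives the hardened resolver; every other sample lands outside the template directory under the naive join and is refused by the containment check. Decoding is done exactly once here: decoding again in the check would reintroduce double-encoding bypasses, so the check must run on the same string the file system call will receive.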