🚨 CVE-2024-27765
Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.
🎖@cveNotify
Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.
🎖@cveNotify
Gitee
JeeWMS/JeeWMS: JeeWMS 是基于Java全栈技术打造的智能仓储中枢系统,具备多形态仓储场景深度适配能力(兼容3PL第三方物流与厂内物流双模式)。系统通过PDA智能终端与WEB管理平台双端协同,构建了涵盖仓储管理(WMS)、订单协同(O…
🚨 CVE-2023-50702
Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%\SSCService). Consequently, low-privileged users can execute arbitrary code as LocalSystem.
🎖@cveNotify
Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%\SSCService). Consequently, low-privileged users can execute arbitrary code as LocalSystem.
🎖@cveNotify
🚨 CVE-2023-5397
Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
🎖@cveNotify
Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
🎖@cveNotify
🚨 CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering
🎖@cveNotify
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering
🎖@cveNotify
Chocapikk
Exploring DerbyNet Vulnerabilities: A Compilation of CVEs from 2024 - Chocapikk's Cybersecurity Blog
A Comprehensive Analysis of Ten Critical Vulnerabilities in DerbyNet v9.0: From Cross-Site Scripting to SQL Injection
🚨 CVE-2023-50008
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9 component.
🎖@cveNotify
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9 component.
🎖@cveNotify
GitHub
avfilter/vf_colorcorrect: fix memory leaks · FFmpeg/FFmpeg@5f87a68
Mirror of https://git.ffmpeg.org/ffmpeg.git. Contribute to FFmpeg/FFmpeg development by creating an account on GitHub.
🚨 CVE-2024-22633
Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request.
🎖@cveNotify
Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request.
🎖@cveNotify
Bsport
Bsport - Link Vào Nhà Cái Bsports Chính Thức, Số 1 Ở Châu Á
Bsports là nền tảng cá cược thể thao, lô đề, bóng đá, tài xỉu, casino tiềm năng hàng đầu Việt Nam. Đăng ký mới tài khoản Bsport để xem live bóng đá miễn phí.
🚨 CVE-2024-37884
Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3.
🎖@cveNotify
Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3.
🎖@cveNotify
GitHub
Users can delete old versions of read-only shared files
### Impact
A malicious user was able to send delete requests for old versions of files they only got shared with read permissions.
### Patches
It is recommended that the Nextcloud Server i...
A malicious user was able to send delete requests for old versions of files they only got shared with read permissions.
### Patches
It is recommended that the Nextcloud Server i...
👍1
🚨 CVE-2024-38301
Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure.
🎖@cveNotify
Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure.
🎖@cveNotify
🚨 CVE-2024-6652
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file manage_member.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271059.
🎖@cveNotify
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file manage_member.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271059.
🎖@cveNotify
GitHub
Itsourcecode Gym Management System Project In PHP With Source Code v1.0 manage_member.php SQL injection · Issue #1 · littletree7/cve
Itsourcecode Gym Management System Project In PHP With Source Code v1.0 manage_member.php SQL injection NAME OF AFFECTED PRODUCT(S) Gym Management System Project In PHP With Source Code Vendor Home...
🚨 CVE-2019-20471
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.
🎖@cveNotify
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.
🎖@cveNotify
seclists.org
Full Disclosure: Bunch of IoT CVEs
🚨 CVE-2024-20701
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
🚨 CVE-2024-21449
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
🚨 CVE-2024-35256
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
🚨 CVE-2024-35271
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
🚨 CVE-2024-37319
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
🚨 CVE-2024-37320
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
🎖@cveNotify
🚨 CVE-2024-24307
Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method.
🎖@cveNotify
Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method.
🎖@cveNotify
GitHub
security-advisories/_posts/2024-02-29-productdesigner-22.md at main · friends-of-presta/security-advisories
Security advisories of the FOP security team for prestashop - friends-of-presta/security-advisories
🚨 CVE-2023-48902
An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php.
🎖@cveNotify
An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php.
🎖@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
🚨 CVE-2017-20190
Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should be considered a vulnerability.
🎖@cveNotify
Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should be considered a vulnerability.
🎖@cveNotify
🚨 CVE-2024-31648
Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2.
🎖@cveNotify
Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2.
🎖@cveNotify
GitHub
CVE/CVE-2024-31648.md at main · Mohitkumar0786/CVE
Contribute to Mohitkumar0786/CVE development by creating an account on GitHub.
🚨 CVE-2024-6930
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
🎖@cveNotify
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
🎖@cveNotify