๐จ CVE-2024-0868
The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value
๐@cveNotify
The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value
๐@cveNotify
WPScan
coreActivity < 2.1 - Unauthenticated IP Spoofing
See details on coreActivity < 2.1 - Unauthenticated IP Spoofing CVE 2024-0868. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-2429
The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
๐@cveNotify
The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
๐@cveNotify
WPScan
Salon booking system < 9.6.6 - Settings Update via CSRF
See details on Salon booking system < 9.6.6 - Settings Update via CSRF CVE 2024-2429. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-34621
Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
๐@cveNotify
Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
๐@cveNotify
๐จ CVE-2024-34624
Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
๐@cveNotify
Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
๐@cveNotify
๐จ CVE-2024-34625
Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
๐@cveNotify
Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
๐@cveNotify
๐จ CVE-2024-34626
Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
๐@cveNotify
Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
๐@cveNotify
๐จ CVE-2024-34627
Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
๐@cveNotify
Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
๐@cveNotify
๐จ CVE-2024-34628
Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
๐@cveNotify
Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
๐@cveNotify
๐จ CVE-2023-6585
The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server
๐@cveNotify
The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server
๐@cveNotify
WPScan
JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE
See details on JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE CVE 2023-6585. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-1564
The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode
๐@cveNotify
The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode
๐@cveNotify
WPScan
Schema Pro < 2.7.16 - Contributor+ Custom Field Access
See details on Schema Pro < 2.7.16 - Contributor+ Custom Field Access CVE 2024-1564. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-27521
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges (i.e., as user "root").
๐@cveNotify
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges (i.e., as user "root").
๐@cveNotify
GitHub
advisories/cve/totolink/cve-2024-27521.md at main ยท SpikeReply/advisories
Advisories from Spike Reply Cybersecurity team. Contribute to SpikeReply/advisories development by creating an account on GitHub.
๐จ CVE-2024-23772
An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges.
๐@cveNotify
An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges.
๐@cveNotify
Quest
Quest response to KACE SMA Agent Vulnerabilities: CVE-2024-23772, CVE-2024-23773, CVE-2024-23774 (4375402)
The Quest team has been made aware of vulnerabilities involving the KACE System Management Agent product:
CVE-2024-23772</li 4375402
CVE-2024-23772</li 4375402
๐จ CVE-2024-34632
Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
๐@cveNotify
Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
๐@cveNotify
๐จ CVE-2024-34633
Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
๐@cveNotify
Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
๐@cveNotify
๐จ CVE-2024-34634
Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
๐@cveNotify
Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
๐@cveNotify
๐จ CVE-2024-34635
Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
๐@cveNotify
Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
๐@cveNotify
๐จ CVE-2023-40809
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.
๐@cveNotify
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.
๐@cveNotify
eSec Forte Technologies
CVE-2023-40809-HTML injection-search - eSec Forte Technologies eSec Forte Technologies
Response manipulation is a technique where attackers make changes in the response before it reaches the browser.
๐จ CVE-2023-46935
eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.
๐@cveNotify
eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.
๐@cveNotify
GitHub
There is stored XSS in version 1.6.4 which can lead to stealing sensitive information of logged-in users ยท Issue #55 ยท weng-xianhu/eyoucms
Software Link : https://github.com/weng-xianhu/eyoucms Website : http://www.eyoucms.com/ Vulnerable version 1.6.4 download address ๏ผhttps://qiniu.eyoucms.com/source/EyouCMS-V1.6.4-UTF8-SP1_1015.zip...
๐จ CVE-2023-33206
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
๐@cveNotify
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
๐@cveNotify
๐2๐1
๐จ CVE-2024-43199
Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user.
๐@cveNotify
Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user.
๐@cveNotify
GitHub
configure.ac: don't install binaries as ndo2db_user:ndo2db_group ยท NagiosEnterprises/ndoutils@18ef120
In configure.ac we were adding two flags to INSTALL_OPTS that change
the owner:group of all installed files to ndo2db_user:ndo2db_group.
This is often a security vulnerability, since executables (w...
the owner:group of all installed files to ndo2db_user:ndo2db_group.
This is often a security vulnerability, since executables (w...
๐จ CVE-2023-45382
In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.
๐@cveNotify
In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.
๐@cveNotify