π¨ CVE-2024-7167
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /manage_course.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272581 was assigned to this vulnerability.
π@cveNotify
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /manage_course.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272581 was assigned to this vulnerability.
π@cveNotify
Gist
sourcecodester_School Fees Payment System_SQL_INJECTION_4.md
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-7168
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272582 is the identifier assigned to this vulnerability.
π@cveNotify
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272582 is the identifier assigned to this vulnerability.
π@cveNotify
Gist
sourcecodester_School Fees Payment System_SQL_INJECTION_5.md
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-7169
A vulnerability classified as problematic has been found in SourceCodester School Fees Payment System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272583.
π@cveNotify
A vulnerability classified as problematic has been found in SourceCodester School Fees Payment System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272583.
π@cveNotify
Gist
sourcecodester_School Fees Payment System_CSRF_1.md
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-7194
A vulnerability was found in itsourcecode Society Management System 1.0 and classified as critical. This issue affects some unknown processing of the file check_student.php. The manipulation of the argument student_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272615.
π@cveNotify
A vulnerability was found in itsourcecode Society Management System 1.0 and classified as critical. This issue affects some unknown processing of the file check_student.php. The manipulation of the argument student_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272615.
π@cveNotify
GitHub
Mirage/CVE7-1.md at main Β· DeepMountains/Mirage
Contribute to DeepMountains/Mirage development by creating an account on GitHub.
π¨ CVE-2024-7195
A vulnerability was found in itsourcecode Society Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/check_admin.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272616.
π@cveNotify
A vulnerability was found in itsourcecode Society Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/check_admin.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272616.
π@cveNotify
GitHub
Mirage/CVE7-2.md at main Β· DeepMountains/Mirage
Contribute to DeepMountains/Mirage development by creating an account on GitHub.
π¨ CVE-2024-7196
A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272617 was assigned to this vulnerability.
π@cveNotify
A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272617 was assigned to this vulnerability.
π@cveNotify
Gist
sourcecodester_Complaints Report Management System_SQL_INJECTION_1.md
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-7197
A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage_complaint.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272618 is the identifier assigned to this vulnerability.
π@cveNotify
A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage_complaint.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272618 is the identifier assigned to this vulnerability.
π@cveNotify
Gist
sourcecodester_Complaints Report Management System_SQL_INJECTION_2.md
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-7198
A vulnerability classified as critical has been found in SourceCodester Complaints Report Management System 1.0. This affects an unknown part of the file /admin/manage_station.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272619.
π@cveNotify
A vulnerability classified as critical has been found in SourceCodester Complaints Report Management System 1.0. This affects an unknown part of the file /admin/manage_station.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272619.
π@cveNotify
Gist
sourcecodester_Complaints Report Management System_SQL_INJECTION_3.md
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-7199
A vulnerability classified as critical was found in SourceCodester Complaints Report Management System 1.0. This vulnerability affects unknown code of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272620.
π@cveNotify
A vulnerability classified as critical was found in SourceCodester Complaints Report Management System 1.0. This vulnerability affects unknown code of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272620.
π@cveNotify
Gist
sourcecodester_Complaints Report Management System_SQL_INJECTION_4.md
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-7200
A vulnerability, which was classified as problematic, has been found in SourceCodester Complaints Report Management System 1.0. This issue affects some unknown processing of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272621 was assigned to this vulnerability.
π@cveNotify
A vulnerability, which was classified as problematic, has been found in SourceCodester Complaints Report Management System 1.0. This issue affects some unknown processing of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272621 was assigned to this vulnerability.
π@cveNotify
Gist
sourcecodester_Complaints Report Management System_XSS_1.md
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-42010
mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.
π@cveNotify
mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.
π@cveNotify
GitHub
Releases Β· roundcube/roundcubemail
The Roundcube Webmail suite. Contribute to roundcube/roundcubemail development by creating an account on GitHub.
π¨ CVE-2024-41476
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php.
π@cveNotify
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php.
π@cveNotify
Gist
CVE-2024-41476
CVE-2024-41476. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-6639
The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
GitHub
GitHub - yrccondor/mdx: MDx - Material Design WordPress Theme
MDx - Material Design WordPress Theme. Contribute to yrccondor/mdx development by creating an account on GitHub.
π¨ CVE-2024-27863
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to determine kernel memory layout.
π@cveNotify
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to determine kernel memory layout.
π@cveNotify
seclists.org
Full Disclosure: APPLE-SA-07-29-2024-2 iOS 17.6 and iPadOS 17.6
π¨ CVE-2024-27871
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. An app may be able to access protected user data.
π@cveNotify
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. An app may be able to access protected user data.
π@cveNotify
seclists.org
Full Disclosure: APPLE-SA-07-29-2024-2 iOS 17.6 and iPadOS 17.6
π¨ CVE-2024-27872
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.6. An app may be able to access protected user data.
π@cveNotify
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.6. An app may be able to access protected user data.
π@cveNotify
seclists.org
Full Disclosure: APPLE-SA-07-29-2024-4 macOS Sonoma 14.6
π¨ CVE-2024-27873
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing a maliciously crafted video file may lead to unexpected app termination.
π@cveNotify
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing a maliciously crafted video file may lead to unexpected app termination.
π@cveNotify
seclists.org
Full Disclosure: APPLE-SA-07-29-2024-2 iOS 17.6 and iPadOS 17.6
π¨ CVE-2024-41238
A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
π@cveNotify
A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
π@cveNotify
GitHub
CVE_Writeup/Kashipara/Responsive School Management System v3.2.0/SQL Injection - Student.pdf at main Β· takekaramey/CVE_Writeup
Contribute to takekaramey/CVE_Writeup development by creating an account on GitHub.
π¨ CVE-2024-6639
The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
GitHub
GitHub - yrccondor/mdx: MDx - Material Design WordPress Theme
MDx - Material Design WordPress Theme. Contribute to yrccondor/mdx development by creating an account on GitHub.
π¨ CVE-2023-45622
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
π@cveNotify
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.
π@cveNotify
π¨ CVE-2023-38043
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.
π@cveNotify
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.
π@cveNotify
Ivanti
Security fixes included in the latest Ivanti Secure Access Client Release
<span class="test-id__field-value slds-form-element__static slds-grow"><strong>Description</strong>
Resolutions for Pulse Desktop Client and the Ivanti Secure Access Client Issues: As part of Ivantiβs commitment to continuous security hardening the followingβ¦
Resolutions for Pulse Desktop Client and the Ivanti Secure Access Client Issues: As part of Ivantiβs commitment to continuous security hardening the followingβ¦