🚨 CVE-2024-6768
A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.
@cveNotify
🚨 CVE-2023-41884
ZoneMinder is a free, open source closed-circuit television software application. In WWW/AJAX/watch.php, line 51 takes a few parameters in an SQL query without sanitizing them, which makes it vulnerable to SQL injection. This vulnerability is fixed in 1.36.34.
GitHub
Only allow Events Columns for sort. Fixes GHSA-2qp3-fwpv-mc96. Fixes … · ZoneMinder/zoneminder@677f6a3
…GHSA-9cmr-7437-v9fj
🚨 CVE-2023-48171
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
🚨 CVE-2024-42741
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.
GitHub
reports/totolink/x5000r/setL2tpServerCfg/setL2tpServerCfg.md at main · HouseFuzz/reports
🚨 CVE-2024-42742
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated attackers can send a malicious packet to execute arbitrary commands.
GitHub
reports/totolink/x5000r/setUrlFilterRules/setUrlFilterRules.md at main · HouseFuzz/reports
🚨 CVE-2024-42743
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.
GitHub
reports/totolink/x5000r/setSyslogCfg/setSyslogCfg.md at main · HouseFuzz/reports
🚨 CVE-2024-42744
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated attackers can send a malicious packet to execute arbitrary commands.
GitHub
reports/totolink/x5000r/setModifyVpnUser/setModifyVpnUser.md at main · HouseFuzz/reports
🚨 CVE-2024-42745
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.
GitHub
reports/totolink/x5000r/setUPnPCfg/setUPnPCfg.md at main · HouseFuzz/reports
🚨 CVE-2024-42747
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.
GitHub
reports/totolink/x5000r/setWanIeCfg/setWanIeCfg.md at main · HouseFuzz/reports
🚨 CVE-2024-42748
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.
GitHub
reports/totolink/x5000r/setWiFiWpsCfg/setWiFiWpsCfg.md at main · HouseFuzz/reports
🚨 CVE-2024-38287
The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value.
GitHub
TurboMeeting: Insecure Password Reset Mechanism
### Summary
It was noted that the password reset functionality of the "RHUB TurboMeeting" application resets passwords to a random 8-digit value instead of allowing users to set a new pa...
🚨 CVE-2024-38288
A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root.
GitHub
TurboMeeting: Post-Authentication Command Injection
### Summary
The Certificate Signing Request (CSR) feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to ex...
🚨 CVE-2024-38289
A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input.
GitHub
TurboMeeting: Boolean-based SQL Injection
### Summary
A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the da...
🚨 CVE-2024-42520
TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.
GitHub
GitHub - c10uds/totolink_A3002R_stackoverflow
🚨 CVE-2024-42628
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3.
GitHub
cms/5/readme.md at main · Kirtoc/cms
🚨 CVE-2024-42630
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file.
GitHub
cms/10/readme.md at main · Kirtoc/cms
🚨 CVE-2024-42631
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1.
GitHub
cms/7/readme.md at main · Kirtoc/cms
🚨 CVE-2024-42632
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add.
GitHub
cms/1/readme.md at main · Kirtoc/cms
🚨 CVE-2024-42623
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/delete/1.
GitHub
cms/8/readme.md at main · Kirtoc/cms
🚨 CVE-2024-42624
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10.
GitHub
cms/3/readme.md at main · Kirtoc/cms
🚨 CVE-2024-42626
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add.
GitHub
cms/4/readme.md at main · Kirtoc/cms