🚨 CVE-2023-38001
IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260206.
🎖@cveNotify
Ibmcloud
IBM X-Force Exchange
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
🚨 CVE-2023-50809
In certain Sonos products before S1 Release 11.12 and S2 release 15.9, the mt_7615.ko wireless driver does not properly validate an information element during negotiation of a WPA2 four-way handshake. This lack of validation leads to a stack buffer overflow. This can result in remote code execution within the kernel. This affects Amp, Arc, Arc SL, Beam, Beam Gen 2, Beam SL, and Five.
🎖@cveNotify
🚨 CVE-2024-38989
izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
🎖@cveNotify
Gist
[CVE-2024-38989] Prototype Pollution vulnerability affecting bunt/util, version 0.29.19
[CVE-2024-38989] Prototype Pollution vulnerability affecting bunt/util, version 0.29.19 - bunt-util.md
🚨 CVE-2024-42741
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.
🎖@cveNotify
GitHub
reports/totolink/x5000r/setL2tpServerCfg/setL2tpServerCfg.md at main · HouseFuzz/reports
CVE reports. Contribute to HouseFuzz/reports development by creating an account on GitHub.
🚨 CVE-2024-42742
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated attackers can send a malicious packet to execute arbitrary commands.
🎖@cveNotify
GitHub
reports/totolink/x5000r/setUrlFilterRules/setUrlFilterRules.md at main · HouseFuzz/reports
CVE reports. Contribute to HouseFuzz/reports development by creating an account on GitHub.
🚨 CVE-2024-42743
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.
🎖@cveNotify
GitHub
reports/totolink/x5000r/setSyslogCfg/setSyslogCfg.md at main · HouseFuzz/reports
CVE reports. Contribute to HouseFuzz/reports development by creating an account on GitHub.
🚨 CVE-2024-42744
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated attackers can send a malicious packet to execute arbitrary commands.
🎖@cveNotify
GitHub
reports/totolink/x5000r/setModifyVpnUser/setModifyVpnUser.md at main · HouseFuzz/reports
CVE reports. Contribute to HouseFuzz/reports development by creating an account on GitHub.
🚨 CVE-2024-42745
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.
🎖@cveNotify
GitHub
reports/totolink/x5000r/setUPnPCfg/setUPnPCfg.md at main · HouseFuzz/reports
CVE reports. Contribute to HouseFuzz/reports development by creating an account on GitHub.
🚨 CVE-2024-41623
An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload
🎖@cveNotify
🚨 CVE-2024-42736
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated attackers can send a malicious packet to execute arbitrary commands.
🎖@cveNotify
GitHub
reports/totolink/x5000r/addBlacklist/addBlacklist.md at main · HouseFuzz/reports
CVE reports. Contribute to HouseFuzz/reports development by creating an account on GitHub.
🚨 CVE-2024-42737
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated attackers can send a malicious packet to execute arbitrary commands.
🎖@cveNotify
GitHub
reports/totolink/x5000r/delBlacklist/delBlacklist.md at main · HouseFuzz/reports
CVE reports. Contribute to HouseFuzz/reports development by creating an account on GitHub.
🚨 CVE-2024-7289
A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_payment.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273158 is the identifier assigned to this vulnerability.
🎖@cveNotify
Gist
sourcecodester_Establishment Billing Management System_SQL_INJECTION_4.md
🚨 CVE-2024-7290
A vulnerability classified as critical has been found in SourceCodester Establishment Billing Management System 1.0. This affects an unknown part of the file /manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273159.
🎖@cveNotify
Gist
sourcecodester_Establishment Billing Management System_SQL_INJECTION_5.md
🚨 CVE-2024-7307
A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_billing.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273199.
🎖@cveNotify
Gist
sourcecodester_Establishment Billing Management System_SQL_INJECTION_7.md
🚨 CVE-2024-7308
A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_bill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273200.
🎖@cveNotify
Gist
sourcecodester_Establishment Billing Management System_SQL_INJECTION_8.md
🚨 CVE-2024-7309
A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. This affects an unknown part of the file entry.php. The manipulation of the argument school leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273201 was assigned to this vulnerability.
🎖@cveNotify
GitHub
VUL/Record-Management-System-1.md at main · zw-a11y/VUL
Contribute to zw-a11y/VUL development by creating an account on GitHub.
🚨 CVE-2024-7310
A vulnerability was found in SourceCodester Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file sort_user.php. The manipulation of the argument sort leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273202 is the identifier assigned to this vulnerability.
🎖@cveNotify
GitHub
VUL/Record-Management-System-2.md at main · zw-a11y/VUL
Contribute to zw-a11y/VUL development by creating an account on GitHub.
🚨 CVE-2024-7311
A vulnerability was found in code-projects Online Bus Reservation Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file register.php. The manipulation of the argument Email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273203.
🎖@cveNotify
GitHub
code-projects Online Bus Reservation Site Using PHP With Source Code v1.0 register.php SQL injection · Issue #1 · 23588hk/cve
code-projects Online Bus Reservation Site Using PHP With Source Code v1.0 register.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Bus Reservation Site Using PHP With Source Code Vendor Homepa...
🚨 CVE-2017-3772
A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot.
🎖@cveNotify
iknow.lenovo.com.cn
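Security Advisory: LEN-20491 Invalid input on IOCTL 0x9C402000 causes a system reboot in Lenovo PC Manager 2.6 - Lenovo Knowledge Base
Provides cause analysis, solutions, and operating guidance for common problems with Lenovo laptops. Covers issues such as first-boot setup and use of a new computer, the preinstalled system, and preinstalled software. Products covered include ideapad, yoga, Xiaoxin, Zhaoyang, Yangtian, and Legion laptops, as well as the miix and Flex laptop series.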
🚨 CVE-2019-6197
A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.
🎖@cveNotify
🚨 CVE-2024-41481
Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component.
🎖@cveNotify
support.typora.io
Typora 1.9
New Code Block Math Improvements EPub Export Block Diagram Header Anchor Spec Other Improvements Fix New Code Block Math You enable Code Block Math in Preferences Panel → Markdown → Code Block Math to enable support for Gitlab / GitHub style math block (…