🚨 CVE-2024-20023
In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.
🎖@cveNotify
In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.
🎖@cveNotify
MediaTek
March 2024
🚨 CVE-2023-48957
PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.
🎖@cveNotify
PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.
🎖@cveNotify
LHN
Multiple Vulnerabilities Found In PureVPN – One Remains Unpatched
Researchers spotted a couple of security vulnerabilities in PureVPN Desktop clients for Linux that impact users’ privacy. While PureVPN patched one flaw, another RCE vulnerability remains unpatched. Numerous PureVPN Vulnerabilities Affected Linux Clients…
👍1
🚨 CVE-2024-45258
The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design.
🎖@cveNotify
The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design.
🎖@cveNotify
GitHub
prevent successful requests from invalid host · imroc/req@04e3ece
Simple Go HTTP client with Black Magic. Contribute to imroc/req development by creating an account on GitHub.
🚨 CVE-2024-8150
A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical. Affected by this issue is the function top.continew.starter.extension.crud.controller.BaseController#page of the file /api/system/user?deptId=1&page=1&size=10. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical. Affected by this issue is the function top.continew.starter.extension.crud.controller.BaseController#page of the file /api/system/user?deptId=1&page=1&size=10. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
Continew Admin V3.2.0 Presence of SQL Injection_1 · Issue #2 · Chiexf/cve
Summary The controllable sort parameter has led to SQL injection in Continue Admin v3.2.0. Environment Setup Build the backend code locally by downloading "https://github.com/continew-org/cont...
🚨 CVE-2024-8151
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
CVE/SourceCodester_Interactive_Map_With_Marker_delete_mark_XSS.md at main · jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
🚨 CVE-2024-8158
A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user.
This is due to lib9p not properly verifying that the uname given in the Tauth and Tattach 9p messages matches the client UID returned from the factotum authentication handshake.
The only filesystem making use of these functions within the base 9front systems is the experimental hjfs disk filesystem, other disk filesystems (cwfs and gefs) are not affected by this bug.
This bug was inherited from Plan 9 and is present in all versions of 9front and is remedied fully in commit 9645ae07eb66a59015e3e118d0024790c37400da.
🎖@cveNotify
A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user.
This is due to lib9p not properly verifying that the uname given in the Tauth and Tattach 9p messages matches the client UID returned from the factotum authentication handshake.
The only filesystem making use of these functions within the base 9front systems is the experimental hjfs disk filesystem, other disk filesystems (cwfs and gefs) are not affected by this bug.
This bug was inherited from Plan 9 and is present in all versions of 9front and is remedied fully in commit 9645ae07eb66a59015e3e118d0024790c37400da.
🎖@cveNotify
🚨 CVE-2024-8152
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argument name/url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argument name/url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
CVE/SourceCodester_QR_Code_Bookmark_System_add_bookmark_XSS.md at main · jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
🚨 CVE-2024-8153
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the argument bookmark leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the argument bookmark leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
CVE/SourceCodester_QR_Code_Bookmark_System_delete_bookmark_XSS.md at main · jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
🚨 CVE-2024-8154
A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0. Affected is an unknown function of the file /endpoint/update-bookmark.php of the component Parameter Handler. The manipulation of the argument tbl_bookmark_id/name/url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0. Affected is an unknown function of the file /endpoint/update-bookmark.php of the component Parameter Handler. The manipulation of the argument tbl_bookmark_id/name/url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
CVE/SourceCodester_QR_Code_Bookmark_System_update_bookmark_XSS.md at main · jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
🚨 CVE-2024-8155
A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseController#tree of the file /api/system/dept/tree?sort=parentId%2Casc&sort=sort%2Casc. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseController#tree of the file /api/system/dept/tree?sort=parentId%2Casc&sort=sort%2Casc. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
Continew Admin V3.2.0 Presence of SQL Injection_2 · Issue #3 · Chiexf/cve
Summary The controllable sort parameter has led to SQL injection in Continue Admin v3.2.0. Environment Setup Build the backend code locally by downloading "https://github.com/continew-org/cont...
🚨 CVE-2024-42992
Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file read vulnerability.
🎖@cveNotify
Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file read vulnerability.
🎖@cveNotify
🚨 CVE-2024-8073
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.
🎖@cveNotify
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.
🎖@cveNotify
山石网科
安全公告-山石网科WAF存在命令注入漏洞 - 山石网科
漏洞名称
山石网科WAF存在命令注入漏洞
发布时间
2024-08-19
漏洞描述
山石网科 Web 应用防火墙(WAF)是专业智能的Web 应用安全防护产品,在Web资产发现、漏洞评估、流量学习、威胁定位等方面全面应用智能分析和语义分析技术,帮助用户轻松应对应用层风险,确保网站全天候的安全运营。
在WAF的验证码页面,存在命令注入漏洞,恶意攻击者可通过构造恶意请求,拼接命令执行任意代码,控制服务器。
漏洞级别
高危
漏洞来源
外部披露
影响和修复…
山石网科WAF存在命令注入漏洞
发布时间
2024-08-19
漏洞描述
山石网科 Web 应用防火墙(WAF)是专业智能的Web 应用安全防护产品,在Web资产发现、漏洞评估、流量学习、威胁定位等方面全面应用智能分析和语义分析技术,帮助用户轻松应对应用层风险,确保网站全天候的安全运营。
在WAF的验证码页面,存在命令注入漏洞,恶意攻击者可通过构造恶意请求,拼接命令执行任意代码,控制服务器。
漏洞级别
高危
漏洞来源
外部披露
影响和修复…
🚨 CVE-2024-6729
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /control/add_act.php. The manipulation of the argument aname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /control/add_act.php. The manipulation of the argument aname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
reports.kunull.net
CVE-2024-6729 | Reports
🚨 CVE-2024-6731
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
reports.kunull.net
CVE-2024-6731 | Reports
🚨 CVE-2024-6732
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. This vulnerability affects unknown code of the file /sscdms/classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. This vulnerability affects unknown code of the file /sscdms/classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
reports.kunull.net
CVE-2024-6732 | Reports
🚨 CVE-2024-6802
A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
reports.kunull.net
CVE-2024-6802 | Reports
🚨 CVE-2024-6807
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
reports.kunull.net
CVE-2024-6807 | Reports
🚨 CVE-2024-43688
cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring.
🎖@cveNotify
cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring.
🎖@cveNotify
GitHub
Fix CVE-2024-43688, buffer underflow for very large step values · vixie/cron@9cc8ab1
In get_number(), reject values that are so large that they are
interpreted as negative numbers. In set_range(), step values smaller
than one or larger than the "stop" value are i...
interpreted as negative numbers. In set_range(), step values smaller
than one or larger than the "stop" value are i...
🚨 CVE-2024-41996
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
🎖@cveNotify
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
🎖@cveNotify
D(HE)at Attack
Technical Details
How does the attack work? During a D(HE)at attack, the malicious client initiates cryptographic handshakes pretending to support only the ephemeral variant of the finite field Diffie-Hellman key agreement protocol (DHE), triggering key pair generation and…
🚨 CVE-2024-6879
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allows contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks.
🎖@cveNotify
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allows contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks.
🎖@cveNotify
WPScan
Quiz and Survey Master (QSM) < 9.1.1 - Contributor+ Stored XSS
See details on Quiz and Survey Master (QSM) < 9.1.1 - Contributor+ Stored XSS CVE 2024-6879. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-7313
The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
🎖@cveNotify
The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
🎖@cveNotify
WPScan
Shield Security < 20.0.6 - Reflected XSS
See details on Shield Security < 20.0.6 - Reflected XSS CVE 2024-7313. View the latest Plugin Vulnerabilities on WPScan.