CVE Notify
Alert on the latest CVEs

Partner channel: @malwr
🚨 CVE-2023-4972
Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects all versions. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

🎖@cveNotify
🚨 CVE-2023-5983
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data. This issue affects Pharmacy Automation: before 2.1.133.0.

🎖@cveNotify
🚨 CVE-2023-4993
Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. This issue affects SoliPay Mobile App: before 5.0.8.

🎖@cveNotify
🚨 CVE-2024-25381
There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.

🎖@cveNotify
🚨 CVE-2024-29338
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.

🎖@cveNotify
🚨 CVE-2023-52342
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure with no additional execution privileges needed.

🎖@cveNotify
🚨 CVE-2024-36081
Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.

🎖@cveNotify
🚨 CVE-2024-31756
An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component.

🎖@cveNotify
🚨 CVE-2022-45171
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions.

🎖@cveNotify
🚨 CVE-2023-38050
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

🎖@cveNotify
🚨 CVE-2023-38053
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

🎖@cveNotify
🚨 CVE-2023-3286
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation.

🎖@cveNotify
🚨 CVE-2023-3287
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation.

🎖@cveNotify
🚨 CVE-2023-3288
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation.

🎖@cveNotify
🚨 CVE-2023-3289
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation.

🎖@cveNotify
🚨 CVE-2023-3290
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.

🎖@cveNotify
🚨 CVE-2024-41064
In the Linux kernel, the following vulnerability has been resolved:

powerpc/eeh: avoid possible crash when edev->pdev changes

If a PCI device is removed during eeh_pe_report_edev(), edev->pdev
will change and can cause a crash, hold the PCI rescan/remove lock
while taking a copy of edev->pdev->bus.

🎖@cveNotify
🚨 CVE-2024-42093
In the Linux kernel, the following vulnerability has been resolved:

net/dpaa2: Avoid explicit cpumask var allocation on stack

For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask
variable on stack is not recommended since it can cause potential stack
overflow.

Instead, kernel code should always use *cpumask_var API(s) to allocate
cpumask var in config-neutral way, leaving allocation strategy to
CONFIG_CPUMASK_OFFSTACK.

Use *cpumask_var API(s) to address it.

🎖@cveNotify
🚨 CVE-2024-42784
A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.

🎖@cveNotify
🚨 CVE-2024-42785
A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.

🎖@cveNotify
🚨 CVE-2024-42786
A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page.

🎖@cveNotify