๐จ CVE-2024-7777
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
๐@cveNotify
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
๐@cveNotify
๐จ CVE-2024-7780
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
๐@cveNotify
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
๐@cveNotify
๐จ CVE-2024-7782
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
๐@cveNotify
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
๐@cveNotify
๐จ CVE-2024-42662
An issue in apollocongif apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request.
๐@cveNotify
An issue in apollocongif apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request.
๐@cveNotify
Gist
CVE-2024-42662
CVE-2024-42662. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-43376
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.
๐@cveNotify
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.
๐@cveNotify
GitHub
Merge commit from fork ยท umbraco/Umbraco-CMS@b76070c
* Use Debug Mode to determine content of the ProblemDetails
* Cache the debug value
* Cache the debug value
๐จ CVE-2024-43377
Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.
๐@cveNotify
Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.
๐@cveNotify
GitHub
Merge commit from fork ยท umbraco/Umbraco-CMS@72bef88
Umbraco is a free and open source .NET content management system helping you deliver delightful digital experiences. - Merge commit from fork ยท umbraco/Umbraco-CMS@72bef88
๐จ CVE-2024-8152
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argument name/url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argument name/url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
GitHub
CVE/SourceCodester_QR_Code_Bookmark_System_add_bookmark_XSS.md at main ยท jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
๐จ CVE-2024-8153
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the argument bookmark leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the argument bookmark leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
GitHub
CVE/SourceCodester_QR_Code_Bookmark_System_delete_bookmark_XSS.md at main ยท jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
๐จ CVE-2024-8154
A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0. Affected is an unknown function of the file /endpoint/update-bookmark.php of the component Parameter Handler. The manipulation of the argument tbl_bookmark_id/name/url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0. Affected is an unknown function of the file /endpoint/update-bookmark.php of the component Parameter Handler. The manipulation of the argument tbl_bookmark_id/name/url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
GitHub
CVE/SourceCodester_QR_Code_Bookmark_System_update_bookmark_XSS.md at main ยท jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
๐จ CVE-2024-8166
A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
๐จ CVE-2024-8167
A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /forget.php. The manipulation of the argument email/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /forget.php. The manipulation of the argument email/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
๐จ CVE-2024-8168
A vulnerability was found in code-projects Online Bus Reservation Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability was found in code-projects Online Bus Reservation Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
๐จ CVE-2024-8169
A vulnerability was found in code-projects Online Quiz Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file signupuser.php. The manipulation of the argument lid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability was found in code-projects Online Quiz Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file signupuser.php. The manipulation of the argument lid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
๐จ CVE-2023-44031
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request.
๐@cveNotify
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request.
๐@cveNotify
seclists.org
Full Disclosure: Multiple Vulnerabilities in Reprise License Manager 15.1 (CVE-2023-43183, CVE-2023-44031)
๐จ CVE-2024-25089
Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes.
๐@cveNotify
Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes.
๐@cveNotify
๐จ CVE-2024-24469
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php.
๐@cveNotify
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php.
๐@cveNotify
GitHub
cms/2.md at main ยท tang-0717/cms
Contribute to tang-0717/cms development by creating an account on GitHub.
๐จ CVE-2024-24260
media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c.
๐@cveNotify
media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c.
๐@cveNotify
GitHub
media-server_defects/media-server_1.md at main ยท yinluming13579/media-server_defects
Contribute to yinluming13579/media-server_defects development by creating an account on GitHub.
๐จ CVE-2024-24396
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.
๐@cveNotify
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.
๐@cveNotify
Stimulsoft
Reporting tool for NET | ASP.NET | MVC | NET Core | Blazor | PHP | JavaScript | Angular
Our reporting tools includes a royalty-free runtime report writer that is easily deployable on a wide range of platforms, including ASP.NET, WinForms, .NET Core, JavaScript, WPF, Angular, Blazor, PHP, Java, and more.
๐จ CVE-2024-25189
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
๐@cveNotify
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
๐@cveNotify
GitHub
CVE_Request/benmcollins:libjwt.md at main ยท P3ngu1nW/CVE_Request
Contribute to P3ngu1nW/CVE_Request development by creating an account on GitHub.
๐จ CVE-2024-25674
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
๐@cveNotify
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
๐@cveNotify
GitHub
fix: [security] Improved security checks for organisation logo upload ยท MISP/MISP@312d2d5
- As reported by Andrei Agape / Teliacompany
Checks are:
- Maximum file size of 250K since the recommanded picture size is 48x48.
- File extension check
- File mime type checks
Checks are:
- Maximum file size of 250K since the recommanded picture size is 48x48.
- File extension check
- File mime type checks
๐จ CVE-2024-25313
Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php.
๐@cveNotify
Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php.
๐@cveNotify
GitHub
CVEs/Simple School Management System/Simple School Managment System - Authentication Bypass - 2.md at main ยท tubakvgc/CVEs
Contribute to tubakvgc/CVEs development by creating an account on GitHub.