๐จ CVE-2023-43301
An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
๐@cveNotify
An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
๐@cveNotify
GitHub
CVE-reports/CVE-2023-43301.md at main ยท syz913/CVE-reports
Contribute to syz913/CVE-reports development by creating an account on GitHub.
๐จ CVE-2023-24333
A stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/openSchedWifi.
๐@cveNotify
A stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/openSchedWifi.
๐@cveNotify
GitHub
CVE/TENDA AC21 - CVE-2023-24333 at main ยท caoyebo/CVE
Contribute to caoyebo/CVE development by creating an account on GitHub.
๐จ CVE-2024-25746
Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function.
๐@cveNotify
Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function.
๐@cveNotify
GitHub
IOT_CVE/tenda/AC9V3/0218/add_white_node.md at main ยท TimeSeg/IOT_CVE
IOT VUl. Contribute to TimeSeg/IOT_CVE development by creating an account on GitHub.
๐จ CVE-2024-25748
A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetIpMacBind function.
๐@cveNotify
A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetIpMacBind function.
๐@cveNotify
GitHub
IOT_CVE/tenda/AC9V3/0218/fromSetIpMacBind.md at main ยท TimeSeg/IOT_CVE
IOT VUl. Contribute to TimeSeg/IOT_CVE development by creating an account on GitHub.
๐จ CVE-2024-21501
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.
๐@cveNotify
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.
๐@cveNotify
Gist
sanitize-html disclose files
sanitize-html disclose files. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-28553
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function.
๐@cveNotify
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function.
๐@cveNotify
GitHub
IoT-vulnerable/Tenda/AC18/fromAddressNat_entrys.md at main ยท abcdefg-png/IoT-vulnerable
IoT-vulnerable. Contribute to abcdefg-png/IoT-vulnerable development by creating an account on GitHub.
๐จ CVE-2024-30591
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function.
๐@cveNotify
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function.
๐@cveNotify
๐จ CVE-2024-30598
Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function.
๐@cveNotify
Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function.
๐@cveNotify
๐จ CVE-2024-30624
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the urls parameter from saveParentControlInfo function.
๐@cveNotify
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the urls parameter from saveParentControlInfo function.
๐@cveNotify
๐จ CVE-2024-29399
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.
๐@cveNotify
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.
๐@cveNotify
GitHub
GitHub - ally-petitt/CVE-2024-29399: CVE-2024-29399 reference
CVE-2024-29399 reference. Contribute to ally-petitt/CVE-2024-29399 development by creating an account on GitHub.
๐จ CVE-2024-6361
Improper Neutralization vulnerability (XSS) has been discovered in OpenTextโข ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack.
๐@cveNotify
Improper Neutralization vulnerability (XSS) has been discovered in OpenTextโข ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack.
๐@cveNotify
Microfocus
CVE-2024-6361 Cross Site Scripting vulnerability in ALM Octane
Improper neutralization vulnerability (XSS) has been discovered in OpenTextโข ALM Octane.
The vulnerability could cause remote code execution attack.
The vulnerability could cause remote code execution attack.
๐จ CVE-2024-7578
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified as critical. Affected is an unknown function of the file /var/www/cmd.php. The manipulation of the argument cmd leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified as critical. Affected is an unknown function of the file /var/www/cmd.php. The manipulation of the argument cmd leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
vul/Alien Technology /ALR-F800.md at main ยท Push3AX/vul
Contribute to Push3AX/vul development by creating an account on GitHub.
๐จ CVE-2024-7579
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. The manipulation of the argument uploadedFile leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. The manipulation of the argument uploadedFile leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
vul/Alien Technology /ALR-F800.md at main ยท Push3AX/vul
Contribute to Push3AX/vul development by creating an account on GitHub.
๐จ CVE-2024-7061
Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater.
๐@cveNotify
Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater.
๐@cveNotify
Okta
Okta Verify release notes for Identity Engine | Okta
Feature updates and fixes in Okta Verify for Identity Engine
๐จ CVE-2023-4024
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances.
๐@cveNotify
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances.
๐@cveNotify
๐จ CVE-2023-4025
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances.
๐@cveNotify
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances.
๐@cveNotify
๐จ CVE-2024-41236
A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page
๐@cveNotify
A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page
๐@cveNotify
GitHub
CVE_Writeup/Kashipara/Responsive School Management System v3.2.0/SQL Injection - Admin.pdf at main ยท takekaramey/CVE_Writeup
Contribute to takekaramey/CVE_Writeup development by creating an account on GitHub.
๐จ CVE-2024-42905
Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file.
๐@cveNotify
Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file.
๐@cveNotify
GitHub
VulnerReport/DCN/1.md at cve ยท ZackSecurity/VulnerReport
Contribute to ZackSecurity/VulnerReport development by creating an account on GitHub.
๐จ CVE-2024-44913
An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).
๐@cveNotify
An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).
๐@cveNotify
GitHub
GitHub - yuhano/irfanview_Poc: irfanview vulnerability analysis report
irfanview vulnerability analysis report. Contribute to yuhano/irfanview_Poc development by creating an account on GitHub.
๐จ CVE-2024-40956
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list
Use list_for_each_entry_safe() to allow iterating through the list and
deleting the entry in the iteration process. The descriptor is freed via
idxd_desc_complete() and there's a slight chance may cause issue for
the list iterator when the descriptor is reused by another thread
without it being deleted from the list.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list
Use list_for_each_entry_safe() to allow iterating through the list and
deleting the entry in the iteration process. The descriptor is freed via
idxd_desc_complete() and there's a slight chance may cause issue for
the list iterator when the descriptor is reused by another thread
without it being deleted from the list.
๐@cveNotify
๐จ CVE-2023-42581
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.
๐@cveNotify
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.
๐@cveNotify