๐จ CVE-2024-26491
A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field.
๐@cveNotify
A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field.
๐@cveNotify
GitHub
cms/1.md at main ยท 2111715623/cms
Contribute to 2111715623/cms development by creating an account on GitHub.
๐จ CVE-2023-51835
An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck.
๐@cveNotify
An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck.
๐@cveNotify
Mah's Notion on Notion
TEW-822DRE | Notion
Vulnerability Description
๐จ CVE-2023-49543
Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating.
๐@cveNotify
Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating.
๐@cveNotify
GitHub
GitHub - geraldoalcantara/CVE-2023-49543: Book Store Management System v1.0 - Incorrect Access Control
Book Store Management System v1.0 - Incorrect Access Control - GitHub - geraldoalcantara/CVE-2023-49543: Book Store Management System v1.0 - Incorrect Access Control
๐จ CVE-2024-29435
An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter.
๐@cveNotify
An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter.
๐@cveNotify
Gist
CVE-2024-29435
CVE-2024-29435. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-25187
Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html.
๐@cveNotify
Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html.
๐@cveNotify
Gist
CVE-2024-25187
CVE-2024-25187. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-35344
Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera.
๐@cveNotify
Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera.
๐@cveNotify
๐จ CVE-2024-42464
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
upKeeper Support
CVE-2024-42464 Leak of user Information
Severity: High
CVE ID: CVE-2024-42464
Details
This advisory address a vulnerability where users can access information about other users. Vulnerability reported and patched in the following upKeep...
CVE ID: CVE-2024-42464
Details
This advisory address a vulnerability where users can access information about other users. Vulnerability reported and patched in the following upKeep...
๐จ CVE-2024-42465
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
upKeeper Support
CVE-2024-42465 Lack of resources and rate limiting - two factor authentication
Severity: Critical
CVE ID: CVE-2024-42465
Details
This advisory address a vulnerability where users can make unlimited number of two factor authentication login attempts.
Applicability
Product ...
CVE ID: CVE-2024-42465
Details
This advisory address a vulnerability where users can make unlimited number of two factor authentication login attempts.
Applicability
Product ...
๐จ CVE-2024-42466
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
upKeeper Support
CVE-2024-42466 Lack of resources and rate limiting - login
Severity: Critical
CVE ID: CVE-2024-42466
Details
This advisory address a vulnerability where users can make unlimited number of login attempts (username and password).
Applicability
Product Na...
CVE ID: CVE-2024-42466
Details
This advisory address a vulnerability where users can make unlimited number of login attempts (username and password).
Applicability
Product Na...
๐จ CVE-2024-42913
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
๐@cveNotify
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
๐@cveNotify
GitHub
kkll5875 - Overview
kkll5875 has 14 repositories available. Follow their code on GitHub.
๐จ CVE-2024-42851
Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function.
๐@cveNotify
Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function.
๐@cveNotify
GitHub
fuzzing/exiftags at main ยท T1anyang/fuzzing
find of fuzzing. Contribute to T1anyang/fuzzing development by creating an account on GitHub.
๐จ CVE-2024-44761
An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests.
๐@cveNotify
An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests.
๐@cveNotify
GitHub
web_vul/EQ/EQEMS.md at main ยท WarmBrew/web_vul
Contribute to WarmBrew/web_vul development by creating an account on GitHub.
๐จ CVE-2024-34195
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks.
๐@cveNotify
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks.
๐@cveNotify
Gist
TOTOLINK-A3002R-V1.1.1-B20200824-Poc.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-42793
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.
๐@cveNotify
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.
๐@cveNotify
GitHub
CVE_Writeup/Kashipara/Music Management System v1.0/CSRF - Edit User.pdf at main ยท takekaramey/CVE_Writeup
Contribute to takekaramey/CVE_Writeup development by creating an account on GitHub.
๐จ CVE-2024-43805
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 have been patched to resolve this issue. Users are advised to upgrade. There is no workaround for the underlying DOM Clobbering susceptibility. However, select plugins can be disabled on deployments which cannot update in a timely fashion to minimise the risk. These are: 1. `@jupyterlab/mathjax-extension:plugin` - users will loose ability to preview mathematical equations. 2. `@jupyterlab/markdownviewer-extension:plugin` - users will loose ability to open Markdown previews. 3. `@jupyterlab/mathjax2-extension:plugin` (if installed with optional `jupyterlab-mathjax2` package) - an older version of the mathjax plugin for JupyterLab 4.x. To disable these extensions run: ```jupyter labextension disable @jupyterlab/markdownviewer-extension:plugin && jupyter labextension disable @jupyterlab/mathjax-extension:plugin && jupyter labextension disable @jupyterlab/mathjax2-extension:plugin ``` in bash.
๐@cveNotify
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 have been patched to resolve this issue. Users are advised to upgrade. There is no workaround for the underlying DOM Clobbering susceptibility. However, select plugins can be disabled on deployments which cannot update in a timely fashion to minimise the risk. These are: 1. `@jupyterlab/mathjax-extension:plugin` - users will loose ability to preview mathematical equations. 2. `@jupyterlab/markdownviewer-extension:plugin` - users will loose ability to open Markdown previews. 3. `@jupyterlab/mathjax2-extension:plugin` (if installed with optional `jupyterlab-mathjax2` package) - an older version of the mathjax plugin for JupyterLab 4.x. To disable these extensions run: ```jupyter labextension disable @jupyterlab/markdownviewer-extension:plugin && jupyter labextension disable @jupyterlab/mathjax-extension:plugin && jupyter labextension disable @jupyterlab/mathjax2-extension:plugin ``` in bash.
๐@cveNotify
GitHub
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
### Impact
The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.
A malicious user can access an...
The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.
A malicious user can access an...
๐จ CVE-2024-7853
A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=categories/view_category. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=categories/view_category. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
GitHub
cve/Yoga_sql.md at main ยท Wsstiger/cve
Contribute to Wsstiger/cve development by creating an account on GitHub.
๐จ CVE-2024-42462
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
upKeeper Support
CVE-2024-42462 Bypass multifactor authentication
Severity: Critical
CVE ID: CVE-2024-42462
Details
This advisory address a vulnerability in the administration login process where required multi factor authentication can be bypassed. Vulnerability...
CVE ID: CVE-2024-42462
Details
This advisory address a vulnerability in the administration login process where required multi factor authentication can be bypassed. Vulnerability...
๐จ CVE-2024-42463
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
upKeeper Support
CVE-2024-42463 Leak of organizations messages
Severity: High
CVE ID: CVE-2024-42463
Details
This advisory address a vulnerability where organization messages can be read without proper authorization. This vulnerability reported and patched in...
CVE ID: CVE-2024-42463
Details
This advisory address a vulnerability where organization messages can be read without proper authorization. This vulnerability reported and patched in...
๐จ CVE-2024-42466
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
upKeeper Support
CVE-2024-42466 Lack of resources and rate limiting - login
Severity: Critical
CVE ID: CVE-2024-42466
Details
This advisory address a vulnerability where users can make unlimited number of login attempts (username and password).
Applicability
Product Na...
CVE ID: CVE-2024-42466
Details
This advisory address a vulnerability where users can make unlimited number of login attempts (username and password).
Applicability
Product Na...
๐จ CVE-2024-25893
ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.
๐@cveNotify
ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.
๐@cveNotify
GitHub
Security Bug: SQL injections on Fundraiser Reports ยท Issue #6856 ยท ChurchCRM/CRM
If you have the ChurchCRM software running, please file an issue using the Report an issue in the help menu. On what page in the application did you find this issue? /Reports/FRCertificates.php /Re...
๐จ CVE-2024-26445
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php
๐@cveNotify
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php
๐@cveNotify
GitHub
cms/1.md at main ยท xiaolanjing0/cms
Contribute to xiaolanjing0/cms development by creating an account on GitHub.