CVE-2024-6204
Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.
@cveNotify
Manageengine
CVE-2024-6204 - Authenticated SQL injection vulnerability in Exchange Reporter Plus
This page covers the details of the vulnerability in Exchange Reporter Plus and the reported incident's response plan if your system is affected.
CVE-2024-8235
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
CVE-2024-8344
A vulnerability has been found in Campcodes Supplier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_area.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
GitHub
cve_report/supplier-management-system/SQLi-2.md at main ยท yooo0oo0/cve_report
CVE-2024-8345
A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
GitHub
cve/sql3.md at main ยท GAO-UNO/cve
CVE-2024-37955
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zakaria Binsaifullah GutSlider – All in One Block Slider allows Stored XSS. This issue affects GutSlider – All in One Block Slider: from n/a through 2.7.3.
Patchstack
Cross Site Scripting (XSS) in WordPress GutSlider – All in One Block Slider Plugin
CVE-2024-37956
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS. This issue affects VK All in One Expansion Unit: from n/a through 9.99.1.0.
Patchstack
Cross Site Scripting (XSS) in WordPress VK All in One Expansion Unit Plugin
CVE-2024-37957
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bradmax Bradmax Player allows Stored XSS. This issue affects Bradmax Player: from n/a through 1.1.27.
Patchstack
Cross Site Scripting (XSS) in WordPress Bradmax Player Plugin
CVE-2024-39838
ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 use hard-coded credentials, which may allow a network-adjacent attacker with administrative privilege to alter the configuration of the device.
jvn.jp
JVN#70666401: Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN
Japan Vulnerability Notes
CVE-2024-41720
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device.
jvn.jp
JVN#70666401: Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN
Japan Vulnerability Notes
CVE-2024-41889
Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker.
GitHub
GitHub - OpenMAR/PiTool: Provide interactive interfaces for Pimax products (such as HMD, controllers, base stations, etc.) to users
CVE-2024-6117
An Unrestricted Upload of File with Dangerous Type vulnerability in the meeting management function of Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to execute arbitrary system commands via a crafted ASP file.
zuso.ai
ZUSO Generation
CVE-2024-6118
A Plaintext Storage of a Password vulnerability in the ebooknote function of Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain other users' credentials and gain access to the product via an XML file.
zuso.ai
ZUSO Generation
CVE-2022-36374
Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access.
Intel
INTEL-SA-00908
CVE-2023-22285
Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.
Intel
INTEL-SA-00963
CVE-2023-22448
Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access.
Intel
INTEL-SA-00963
CVE-2023-32279
Improper access control in the user mode driver for some Intel(R) Connectivity Performance Suite versions before 2.1123.214.2 may allow an unauthenticated user to potentially enable information disclosure via network access.
Intel
INTEL-SA-00944
CVE-2024-0226
Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload.
CVE-2023-46943
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.
CVE-2023-51070
An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server.
GitHub
CVEs/QStar Archive Solutions/CVE-2023-51070.md at main ยท Oracle-Security/CVEs
A repository of exploits that I have discovered. These are disclosed responsibly and vendors have been contacted. In any instance where it works against the live version, the vendor has not respond...
CVE-2023-5558
The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
WPScan
LearnPress < 4.2.5.5 - Reflected Cross-Site Scripting
CVE-2023-7154
The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
WPScan
Hubbub Lite < 1.32.0 - Admin+ Stored XSS