๐จ CVE-2024-28270
An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword.
๐@cveNotify
An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword.
๐@cveNotify
GitHub
GitHub - bcvgh/web-flash-Broken-Access-Control-vulnerability: web-flash v3.0 Broken Access Control vulnerability
web-flash v3.0 Broken Access Control vulnerability - bcvgh/web-flash-Broken-Access-Control-vulnerability
๐จ CVE-2024-23078
JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double).
๐@cveNotify
JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double).
๐@cveNotify
๐จ CVE-2024-23085
Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]).
๐@cveNotify
Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]).
๐@cveNotify
๐จ CVE-2024-23086
Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double.
๐@cveNotify
Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double.
๐@cveNotify
๐จ CVE-2024-24279
An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower functions.
๐@cveNotify
An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower functions.
๐@cveNotify
GitHub
Password and fingerprint authentication vulnerabilities of biometric fingerprint USB3.0 memory (NewQ)
### **Impact**
Password and fingerprint authentication vulnerabilities allow malicious attackers to bypass authentication without the correct password or fingerprint information. Exploiting these ...
Password and fingerprint authentication vulnerabilities allow malicious attackers to bypass authentication without the correct password or fingerprint information. Exploiting these ...
๐จ CVE-2024-3463
A vulnerability has been found in SourceCodester Laundry Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /karyawan/edit. The manipulation of the argument karyawan leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259744.
๐@cveNotify
A vulnerability has been found in SourceCodester Laundry Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /karyawan/edit. The manipulation of the argument karyawan leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259744.
๐@cveNotify
GitHub
CVE/LaundryManagementSystemXSS.md at main ยท fubxx/CVE
My CVE exploit repository. Contribute to fubxx/CVE development by creating an account on GitHub.
๐จ CVE-2024-3464
A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259745 was assigned to this vulnerability.
๐@cveNotify
A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259745 was assigned to this vulnerability.
๐@cveNotify
GitHub
CVE/LaundryManagementSystemSQL2.md at main ยท fubxx/CVE
My CVE exploit repository. Contribute to fubxx/CVE development by creating an account on GitHub.
๐จ CVE-2024-27630
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.
๐@cveNotify
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.
๐@cveNotify
Medium
How I Found 3 CVEs in 2 Days
Author: Ally Petitt
๐จ CVE-2024-27631
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php
๐@cveNotify
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php
๐@cveNotify
๐จ CVE-2024-3465
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been classified as critical. Affected is the function laporan_filter of the file /application/controller/Transaki.php. The manipulation of the argument dari/sampai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259746 is the identifier assigned to this vulnerability.
๐@cveNotify
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been classified as critical. Affected is the function laporan_filter of the file /application/controller/Transaki.php. The manipulation of the argument dari/sampai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259746 is the identifier assigned to this vulnerability.
๐@cveNotify
GitHub
CVE/LaundryManagementSystemSQL3.md at main ยท fubxx/CVE
My CVE exploit repository. Contribute to fubxx/CVE development by creating an account on GitHub.
๐จ CVE-2024-3466
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function laporan_filter of the file /application/controller/Pengeluaran.php. The manipulation of the argument dari/sampai leads to sql injection. The associated identifier of this vulnerability is VDB-259747.
๐@cveNotify
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function laporan_filter of the file /application/controller/Pengeluaran.php. The manipulation of the argument dari/sampai leads to sql injection. The associated identifier of this vulnerability is VDB-259747.
๐@cveNotify
GitHub
CVE/LaundryManagementSystemSQL4.md at main ยท fubxx/CVE
My CVE exploit repository. Contribute to fubxx/CVE development by creating an account on GitHub.
๐จ CVE-2024-0082
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering
๐@cveNotify
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering
๐@cveNotify
๐จ CVE-2024-0083
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure.
๐@cveNotify
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure.
๐@cveNotify
๐จ CVE-2024-27632
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
๐@cveNotify
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
๐@cveNotify
Medium
How I Found 3 CVEs in 2 Days
Author: Ally Petitt
๐จ CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
๐@cveNotify
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
๐@cveNotify
Packetstormsecurity
CallStranger UPnP Vulnerability Checker โ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
๐จ CVE-2020-8284
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
๐@cveNotify
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
๐@cveNotify
๐จ CVE-2023-40551
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
๐@cveNotify
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
๐@cveNotify
๐จ CVE-2022-47037
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.
๐@cveNotify
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.
๐@cveNotify
๐จ CVE-2024-31135
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
๐@cveNotify
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
๐@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
๐จ CVE-2024-31137
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
๐@cveNotify
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
๐@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
๐จ CVE-2024-22949
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation.
๐@cveNotify
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation.
๐@cveNotify