mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
Update CVE sources 2024-08-13 18:35
This commit is contained in:
0xMarcio
parent
11a1d67a71
commit
7e8cbc97be
@ -27,6 +27,7 @@ Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attacker
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/SaitoLab/supercookie
|
||||
- https://github.com/binkeys/k8tools
|
||||
- https://github.com/filip0308/cookie
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/gabrielbauman/evercookie-applet
|
||||
|
||||
@ -46,6 +46,7 @@ Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vist
|
||||
- https://github.com/TamilHackz/windows-exploitation
|
||||
- https://github.com/YSheldon/New
|
||||
- https://github.com/ambynotcoder/C-libraries
|
||||
- https://github.com/binkeys/k8tools
|
||||
- https://github.com/blackend/Diario-RedTem
|
||||
- https://github.com/cyberanand1337x/bug-bounty-2022
|
||||
- https://github.com/fei9747/WindowsElevation
|
||||
|
||||
@ -30,6 +30,7 @@ Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7
|
||||
- https://github.com/ZTK-009/RedTeamer
|
||||
- https://github.com/bibortone/Jexboss
|
||||
- https://github.com/c002/Java-Application-Exploits
|
||||
- https://github.com/ecomtech-oss/pisc
|
||||
- https://github.com/fengjixuchui/RedTeamer
|
||||
- https://github.com/gyanaa/https-github.com-joaomatosf-jexboss
|
||||
- https://github.com/ilmari666/cybsec
|
||||
|
||||
@ -13,5 +13,5 @@ Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vuln
|
||||
- https://hackerone.com/reports/298176
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
- https://github.com/EdOverflow/security-template
|
||||
|
||||
|
||||
@ -16,5 +16,6 @@ procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via m
|
||||
|
||||
#### Github
|
||||
- https://github.com/aravinddathd/CVE-2018-1123
|
||||
- https://github.com/ecomtech-oss/pisc
|
||||
- https://github.com/samokat-oss/pisc
|
||||
|
||||
|
||||
@ -68,6 +68,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar
|
||||
- https://github.com/awake1t/Awesome-hacking-tools
|
||||
- https://github.com/awsassets/weblogic_exploit
|
||||
- https://github.com/bakery312/Vulhub-Reproduce
|
||||
- https://github.com/binkeys/k8tools
|
||||
- https://github.com/cross2to/betaseclab_tools
|
||||
- https://github.com/cscadoge/weblogic-cve-2018-2628
|
||||
- https://github.com/cyberanand1337x/bug-bounty-2022
|
||||
|
||||
@ -47,6 +47,7 @@ An elevation of privilege vulnerability exists when the Windows Print Spooler se
|
||||
- http://packetstormsecurity.com/files/160993/Microsoft-Spooler-Local-Privilege-Elevation.html
|
||||
|
||||
#### Github
|
||||
- https://github.com/0xMarcio/cve
|
||||
- https://github.com/0xT11/CVE-POC
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/Al1ex/WindowsElevation
|
||||
|
||||
@ -770,6 +770,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12
|
||||
- https://github.com/e-hakson/OSCP
|
||||
- https://github.com/eclipse-archived/kuksa.integration
|
||||
- https://github.com/eclipse-scout/scout.rt
|
||||
- https://github.com/ecomtech-oss/pisc
|
||||
- https://github.com/edsonjt81/log4-scanner
|
||||
- https://github.com/edsonjt81/log4j-scan
|
||||
- https://github.com/edsonjt81/nse-log4shell
|
||||
|
||||
@ -137,6 +137,7 @@ It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was i
|
||||
- https://github.com/docker-solr/docker-solr
|
||||
- https://github.com/doris0213/assignments
|
||||
- https://github.com/dtact/divd-2021-00038--log4j-scanner
|
||||
- https://github.com/ecomtech-oss/pisc
|
||||
- https://github.com/edsonjt81/log4-scanner
|
||||
- https://github.com/edsonjt81/log4j-scan
|
||||
- https://github.com/edsonjt81/nse-log4shell
|
||||
|
||||
17
2023/CVE-2023-1209.md
Normal file
17
2023/CVE-2023-1209.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2023-1209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1209)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://www.linkedin.com/in/osamay/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -10,7 +10,7 @@ ServiceNow has released upgrades and patches that address a Reflected Cross-Site
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
- https://www.linkedin.com/in/osamay/
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@ -16,4 +16,5 @@ Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagra
|
||||
- https://github.com/ForceFledgling/CVE-2023-1713
|
||||
- https://github.com/k1rurk/check_bitrix
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
|
||||
|
||||
@ -10,6 +10,7 @@ Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/anh91/uasoft-indonesia--badaso/blob/main/XSS2.md
|
||||
- https://panda002.hashnode.dev/badaso-version-297-has-an-xss-vulnerability-in-add-books
|
||||
|
||||
#### Github
|
||||
|
||||
@ -14,4 +14,5 @@ Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
|
||||
@ -1,54 +1,11 @@
|
||||
### [CVE-2023-46280](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46280)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
%20V15.1&color=blue)
|
||||
%20V16&color=blue)
|
||||
%20V17&color=blue)
|
||||
%20V18&color=blue)
|
||||
%20V19&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V16 (All versions), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.
|
||||
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.
|
||||
|
||||
### POC
|
||||
|
||||
|
||||
17
2023/CVE-2023-48171.md
Normal file
17
2023/CVE-2023-48171.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2023-48171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48171)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gccybermonks.com/posts/defectdojo/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -51,6 +51,7 @@ A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so whi
|
||||
- https://github.com/b4k3d/POC_CVE4911
|
||||
- https://github.com/beruangsalju/LocalPrivilegeEscalation
|
||||
- https://github.com/chaudharyarjun/LooneyPwner
|
||||
- https://github.com/ecomtech-oss/pisc
|
||||
- https://github.com/feereel/wb_soc
|
||||
- https://github.com/fiksn/security-nix
|
||||
- https://github.com/flex0geek/cves-exploits
|
||||
|
||||
17
2024/CVE-2024-21550.md
Normal file
17
2024/CVE-2024-21550.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-21550](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21550)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@ -32,6 +32,7 @@ runc is a CLI tool for spawning and running containers on Linux according to the
|
||||
- https://github.com/bfengj/Cloud-Security
|
||||
- https://github.com/cdxiaodong/CVE-2024-21626
|
||||
- https://github.com/dorser/cve-2024-21626
|
||||
- https://github.com/ecomtech-oss/pisc
|
||||
- https://github.com/fireinrain/github-trending
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/jafshare/GithubTrending
|
||||
|
||||
17
2024/CVE-2024-2177.md
Normal file
17
2024/CVE-2024-2177.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-2177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2177)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gitlab.com/gitlab-org/gitlab/-/issues/444467
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-2259.md
Normal file
17
2024/CVE-2024-2259.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-2259](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2259)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerable parameter to perform reflected Cross Site Scripting (XSS) attacks on the targeted system.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@ -13,5 +13,5 @@ In multiple locations, there is a possible out of bounds write due to a heap buf
|
||||
- https://android.googlesource.com/platform/external/sonivox/+/3f798575d2d39cd190797427d13471d6e7ceae4c
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
|
||||
17
2024/CVE-2024-27442.md
Normal file
17
2024/CVE-2024-27442.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-27442](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27442)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
18
2024/CVE-2024-27443.md
Normal file
18
2024/CVE-2024-27443.md
Normal file
@ -0,0 +1,18 @@
|
||||
### [CVE-2024-27443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27443)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/nhiephon/Research
|
||||
|
||||
@ -84,6 +84,7 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers
|
||||
- https://github.com/dparksports/detect_intrusion
|
||||
- https://github.com/drdry2/CVE-2024-3094-EXPLOIT
|
||||
- https://github.com/duytruongpham/duytruongpham
|
||||
- https://github.com/ecomtech-oss/pisc
|
||||
- https://github.com/emirkmo/xz-backdoor-github
|
||||
- https://github.com/enomothem/PenTestNote
|
||||
- https://github.com/felipecosta09/cve-2024-3094
|
||||
|
||||
18
2024/CVE-2024-31315.md
Normal file
18
2024/CVE-2024-31315.md
Normal file
@ -0,0 +1,18 @@
|
||||
### [CVE-2024-31315](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31315)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/uthrasri/frameworks_base_CVE-2024-31315
|
||||
|
||||
17
2024/CVE-2024-33533.md
Normal file
17
2024/CVE-2024-33533.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-33533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33533)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malicious JavaScript file and crafting a URL containing its location in the packages parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-33535.md
Normal file
17
2024/CVE-2024-33535.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-33535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33535)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-33536.md
Normal file
17
2024/CVE-2024-33536.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-33536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33536)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malicious JavaScript file, accessible externally, and crafting a URL containing its location in the res parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@ -14,4 +14,5 @@ No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
|
||||
17
2024/CVE-2024-36877.md
Normal file
17
2024/CVE-2024-36877.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-36877](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36877)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://jjensn.com/at-home-in-your-firmware/
|
||||
|
||||
#### Github
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
17
2024/CVE-2024-37935.md
Normal file
17
2024/CVE-2024-37935.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-37935](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37935)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-38530.md
Normal file
17
2024/CVE-2024-38530.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38530](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38530)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RCE on the backend server, since the upload location is accessible from the internet. This vulnerability is fixed in 3.16.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-38688.md
Normal file
17
2024/CVE-2024-38688.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38688)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Missing Authorization vulnerability in Igor Benić Recipe Maker For Your Food Blog from Zip Recipes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.2.6.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-38699.md
Normal file
17
2024/CVE-2024-38699.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38699](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38699)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
18
2024/CVE-2024-38724.md
Normal file
18
2024/CVE-2024-38724.md
Normal file
@ -0,0 +1,18 @@
|
||||
### [CVE-2024-38724](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38724)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS.This issue affects Contact Form 7 Summary and Print: from n/a through 1.2.5.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-38742.md
Normal file
17
2024/CVE-2024-38742.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38742](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38742)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A. MBE eShip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MBE eShip: from n/a through 2.1.2.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-38747.md
Normal file
17
2024/CVE-2024-38747.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38747](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38747)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-38749.md
Normal file
17
2024/CVE-2024-38749.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38749)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Olive One Click Demo Import: from n/a through 1.1.2.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-38752.md
Normal file
17
2024/CVE-2024-38752.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38752)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Campaigns allows Cross-Site Scripting (XSS).This issue affects Zoho Campaigns: from n/a through 2.0.8.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-38756.md
Normal file
17
2024/CVE-2024-38756.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38756)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming Soon: from n/a through 1.6.3.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-38760.md
Normal file
17
2024/CVE-2024-38760.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38760)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Send Users Email: from n/a through 1.5.1.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-38787.md
Normal file
17
2024/CVE-2024-38787.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38787](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38787)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and export users and customers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Import and export users and customers: from n/a through 1.26.8.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-39091.md
Normal file
17
2024/CVE-2024-39091.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-39091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39091)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://joerngermany.github.io/mipc_vulnerability/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
18
2024/CVE-2024-39642.md
Normal file
18
2024/CVE-2024-39642.md
Normal file
@ -0,0 +1,18 @@
|
||||
### [CVE-2024-39642](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39642)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
18
2024/CVE-2024-39651.md
Normal file
18
2024/CVE-2024-39651.md
Normal file
@ -0,0 +1,18 @@
|
||||
### [CVE-2024-39651](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39651)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPWeb WooCommerce PDF Vouchers allows File Manipulation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-40500.md
Normal file
17
2024/CVE-2024-40500.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-40500](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40500)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://nitipoom-jar.github.io/CVE-2024-40500/
|
||||
|
||||
#### Github
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
17
2024/CVE-2024-40697.md
Normal file
17
2024/CVE-2024-40697.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-40697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40697)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-41651.md
Normal file
17
2024/CVE-2024-41651.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-41651](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41651)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
|
||||
### Description
|
||||
|
||||
mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.
|
||||
mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.
|
||||
|
||||
### POC
|
||||
|
||||
|
||||
17
2024/CVE-2024-42258.md
Normal file
17
2024/CVE-2024-42258.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42258)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
In the Linux kernel, the following vulnerability has been resolved:mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machinesYves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don'tforce huge page alignment on 32 bit") didn't work for x86_32 [1]. It isbecause x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT.!CONFIG_64BIT should cover all 32 bit machines.[1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42477.md
Normal file
17
2024/CVE-2024-42477.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42477)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
llama.cpp provides LLM inference in C/C++. The unsafe `type` member in the `rpc_tensor` structure can cause `global-buffer-overflow`. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42478.md
Normal file
17
2024/CVE-2024-42478.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42478)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address reading. This vulnerability is fixed in b3561.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42479.md
Normal file
17
2024/CVE-2024-42479.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42479)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42520.md
Normal file
17
2024/CVE-2024-42520.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42520)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43121.md
Normal file
17
2024/CVE-2024-43121.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43121](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43121)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43128.md
Normal file
17
2024/CVE-2024-43128.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43128)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43129.md
Normal file
17
2024/CVE-2024-43129.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43129](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43129)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper BetterDocs allows PHP Local File Inclusion.This issue affects BetterDocs: from n/a through 3.5.8.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43131.md
Normal file
17
2024/CVE-2024-43131.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43131)
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Incorrect Authorization vulnerability in WPWeb Docket (WooCommerce Collections / Wishlist / Watchlist) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43135.md
Normal file
17
2024/CVE-2024-43135.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43135)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through 2.2.28.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43220.md
Normal file
17
2024/CVE-2024-43220.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43220](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43220)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43224.md
Normal file
17
2024/CVE-2024-43224.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43224)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS.This issue affects YaMaps for WordPress: from n/a through 0.6.27.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43225.md
Normal file
17
2024/CVE-2024-43225.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43225](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43225)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.7.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43226.md
Normal file
17
2024/CVE-2024-43226.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43226)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS.This issue affects WP Dashboard Notes: from n/a through 1.0.11.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43227.md
Normal file
17
2024/CVE-2024-43227.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43227](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43227)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper BetterDocs allows Stored XSS.This issue affects BetterDocs: from n/a through 3.5.8.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43231.md
Normal file
17
2024/CVE-2024-43231.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43231)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.3.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43233.md
Normal file
17
2024/CVE-2024-43233.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43233](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43233)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through 3.8.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43358.md
Normal file
17
2024/CVE-2024-43358.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43358](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43358)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43359.md
Normal file
17
2024/CVE-2024-43359.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43359](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43359)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-43360.md
Normal file
17
2024/CVE-2024-43360.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43360)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
### [CVE-2024-4871](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4871)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
17
2024/CVE-2024-5430.md
Normal file
17
2024/CVE-2024-5430.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-5430](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5430)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer can delete the merge request approval policy via graphQL.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gitlab.com/gitlab-org/gitlab/-/issues/464017
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-6558.md
Normal file
17
2024/CVE-2024-6558.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-6558](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6558)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
HMS Industrial NetworksAnybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by host browser the next time the page is loaded, enabling social engineering attacks.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
18
2024/CVE-2024-6639.md
Normal file
18
2024/CVE-2024-6639.md
Normal file
@ -0,0 +1,18 @@
|
||||
### [CVE-2024-6639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6639)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-6724.md
Normal file
17
2024/CVE-2024-6724.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-6724](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6724)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://wpscan.com/vulnerability/0cb3158a-263d-4c4a-8029-62b453c281cb/
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
22
2024/CVE-2024-6768.md
Normal file
22
2024/CVE-2024-6768.md
Normal file
@ -0,0 +1,22 @@
|
||||
### [CVE-2024-6768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6768)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://www.fortra.com/security/advisories/research/fr-2024-001
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
17
2024/CVE-2024-6823.md
Normal file
17
2024/CVE-2024-6823.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-6823](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6823)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-6917.md
Normal file
17
2024/CVE-2024-6917.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-6917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6917)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue affects Veribase Order Management: before v4.010.2.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-7092.md
Normal file
17
2024/CVE-2024-7092.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7092)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘no_more_items_text’ parameter in all versions up to, and including, 5.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-7094.md
Normal file
17
2024/CVE-2024-7094.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7094)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which replace values in the style.php file, along with missing capability checks. This makes it possible for unauthenticated attackers to execute code on the server. This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully patched in 2.8.7 when the missing authorization and cross-site request forgery protection was added.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-7247.md
Normal file
17
2024/CVE-2024-7247.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7247](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7247)
|
||||
&color=blue)
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Gallery and Countdown widgets in all versions up to, and including, 5.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-7388.md
Normal file
17
2024/CVE-2024-7388.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7388](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7388)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
The WP Bannerize Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via banner alt data in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-7589.md
Normal file
17
2024/CVE-2024-7589.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7589)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges.This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD.As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
|
||||
17
2024/CVE-2024-7590.md
Normal file
17
2024/CVE-2024-7590.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7590)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Spectra allows Stored XSS.This issue affects Spectra: from n/a through 2.14.1.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-7637.md
Normal file
17
2024/CVE-2024-7637.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7637)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in code-projects Online Polling 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file registeracc.php of the component Registration. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/space-security/cve/issues/3
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-7643.md
Normal file
17
2024/CVE-2024-7643.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7643](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7643)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/delete-leads.php of the component Delete Leads Handler. The manipulation of the argument leads leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/joinia/webray.com.cn/blob/main/Leads-Manager-Tool/leadmanagersql.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-7644.md
Normal file
17
2024/CVE-2024-7644.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7644](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7644)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in SourceCodester Leads Manager Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-leads.php of the component Add Leads Handler. The manipulation of the argument leads_name/phone_number leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/joinia/webray.com.cn/blob/main/Leads-Manager-Tool/leadmanagerxss.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-7661.md
Normal file
17
2024/CVE-2024-7661.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7661](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7661)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been classified as problematic. This affects the function save_users of the file admin/user/index.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20CSRF-1.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-7662.md
Normal file
17
2024/CVE-2024-7662.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7662](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7662)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been declared as problematic. This vulnerability affects the function save_package of the file admin/packages/manag_package.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20CSRF-2.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-7664.md
Normal file
17
2024/CVE-2024-7664.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7664)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability classified as critical has been found in SourceCodester Car Driving School Management System 1.0. Affected is an unknown function of the file view_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20SQL%20Injection-2.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-7665.md
Normal file
17
2024/CVE-2024-7665.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7665](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7665)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability classified as critical was found in SourceCodester Car Driving School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_package.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20SQL%20Injection-3.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-7667.md
Normal file
17
2024/CVE-2024-7667.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7667](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7667)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability, which was classified as critical, was found in SourceCodester Car Driving School Management System 1.0. This affects the function delete_users of the file User.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20SQL%20Injection-5.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-7669.md
Normal file
17
2024/CVE-2024-7669.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7669](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7669)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in SourceCodester Car Driving School Management System 1.0 and classified as critical. This issue affects the function delete_enrollment of the file Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20SQL%20Injection-7.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-7676.md
Normal file
17
2024/CVE-2024-7676.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7676](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7676)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in Sourcecodester Car Driving School Management System 1.0. It has been classified as critical. Affected is the function save_package of the file /classes/Master.php?f=save_package. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20SQL%20Injection-8.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-7680.md
Normal file
17
2024/CVE-2024-7680.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7680)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /incedit.php?id=4. The manipulation of the argument id/inccat/desc/date/amount leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/chenzg22/cve/issues/1
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-7682.md
Normal file
17
2024/CVE-2024-7682.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7682)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in code-projects Job Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file rw_i_nat.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/space-security/cve/issues/7
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-7704.md
Normal file
17
2024/CVE-2024-7704.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7704](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7704)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/Dreamy-elfland/240731
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-7705.md
Normal file
17
2024/CVE-2024-7705.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7705](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7705)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argument upfile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/DeepMountains/Mirage/blob/main/CVE12-1.md
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-7706.md
Normal file
17
2024/CVE-2024-7706.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7706](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7706)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/DeepMountains/Mirage/blob/main/CVE12-2.md
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-7707.md
Normal file
17
2024/CVE-2024-7707.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-7707](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7707)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/VodkaVortex/IoT/blob/main/formSafeEmailFilter.md
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user