KiviCare – Clinic & Patient Management System (EHR) Security Vulnerabilities

CVE-2024-5403 ASKEY 5G NR Small Cell - Command Injection

ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2024-28793

Summary Vulnerability CVE-2024-28793 affects the Team Concert Git plugin of IBM Engineering Workflow Management (EWM). Vulnerability Details ** CVEID: CVE-2024-28793 DESCRIPTION: **IBM Engineering Workflow Management is vulnerable to stored cross-site scripting. Under certain configurations, this.....

CVE-2024-5400

Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote...

CVE-2024-5400 Openfind Mail2000 - OS Command Injection

Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote...

CVE-2024-5399

Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote...

CVE-2024-5399 Openfind Mail2000 - OS Command Injection

Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote...

CVE-2024-5395

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file listofinstructor.php. The manipulation of the argument FullName leads to sql injection. The attack may be initiated remotely. The...

CVE-2024-5397

A vulnerability classified as critical was found in itsourcecode Online Student Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file instructorSubjects.php. The manipulation of the argument instructorId leads to sql injection. The attack can be launched...

CVE-2024-5396

A vulnerability classified as critical has been found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file newfaculty.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2024-5397 itsourcecode Online Student Enrollment System instructorSubjects.php sql injection

A vulnerability classified as critical was found in itsourcecode Online Student Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file instructorSubjects.php. The manipulation of the argument instructorId leads to sql injection. The attack can be launched...

CVE-2024-5396 itsourcecode Online Student Enrollment System newfaculty.php sql injection

A vulnerability classified as critical has been found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file newfaculty.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2024-5395 itsourcecode Online Student Enrollment System listofinstructor.php sql injection

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file listofinstructor.php. The manipulation of the argument FullName leads to sql injection. The attack may be initiated remotely. The...

CVE-2024-5393

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file listofcourse.php. The manipulation of the argument idno leads to sql injection. It is possible to initiate the attack remotely. The exploit...

CVE-2024-5394

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file newDept.php. The manipulation of the argument deptname leads to sql injection. The attack can be initiated remotely. The exploit has....

CVE-2024-5392

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file editSubject.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit.....

CVE-2024-5394 itsourcecode Online Student Enrollment System newDept.php sql injection

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file newDept.php. The manipulation of the argument deptname leads to sql injection. The attack can be initiated remotely. The exploit has....

CVE-2024-5393 itsourcecode Online Student Enrollment System listofcourse.php sql injection

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file listofcourse.php. The manipulation of the argument idno leads to sql injection. It is possible to initiate the attack remotely. The exploit...

CVE-2024-5391

A vulnerability has been found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file listofsubject.php. The manipulation of the argument subjcode leads to sql injection. The attack can be launched...

CVE-2024-5390

A vulnerability, which was classified as critical, was found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file listofstudent.php. The manipulation of the argument lname leads to sql injection. It is possible to launch the attack remotely. The exploit....

CVE-2024-5392 itsourcecode Online Student Enrollment System editSubject.php sql injection

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file editSubject.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit.....

CVE-2024-5391 itsourcecode Online Student Enrollment System listofsubject.php sql injection

A vulnerability has been found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file listofsubject.php. The manipulation of the argument subjcode leads to sql injection. The attack can be launched...

CVE-2024-5385

A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with the input confirm (document.cookie) leads.....

CVE-2024-5390 itsourcecode Online Student Enrollment System listofstudent.php sql injection

A vulnerability, which was classified as critical, was found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file listofstudent.php. The manipulation of the argument lname leads to sql injection. It is possible to launch the attack remotely. The exploit....

CVE-2024-5385 oretnom23 Online Car Wash Booking System cross site scripting

A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with the input confirm (document.cookie) leads.....

Debian dla-3823 : less - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3823 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3823-1 [email protected] ...

K000139793: MacOS vulnerability CVE-2023-41993

Security Advisory Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7....

ROS-20240527-04

A vulnerability in the Git distributed version control system exists due to a process control issue. Exploitation of the vulnerability could allow an attacker to execute arbitrary code when cloning specially crafted local repositories A vulnerability in the Git distributed version control system...

Nexus Repository 3.x < 3.68.1 Path Traversal

Nexus Repository version 3.x prior to 3.68.1 is affected by a Path Traversal allowing an attacker to create a URL returning any file for download, including system files outside the scope of the Nexus Repository application, without any...

Atlassian Jira Service Management Data Center and Server < 5.4.20 / 5.5.x < 5.12.7 / 5.13.x < 5.15.2 Broken Access Control (JSDSERVER-15307)

The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15307 advisory. In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to...

ElkArte Forum 1.1.9 Remote Code Execution

...

CVE-2024-5381

A vulnerability classified as critical was found in itsourcecode Student Information Management System 1.0. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation of the argument studentId leads to sql injection. The attack can be launched remotely. The...

CVE-2024-36056

Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages), leading to NT AUTHORITY\SYSTEM privilege...

CVE-2024-36056

Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages), leading to NT AUTHORITY\SYSTEM privilege...

CVE-2024-5381 itsourcecode Student Information Management System view.php sql injection

A vulnerability classified as critical was found in itsourcecode Student Information Management System 1.0. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation of the argument studentId leads to sql injection. The attack can be launched remotely. The...

CVE-2024-5378

A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_sy.php. The manipulation of the argument id leads to sql injection. The attack can be initiated...

CVE-2024-5378 SourceCodester School Intramurals Student Attendance Management System manage_sy.php sql injection

A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_sy.php. The manipulation of the argument id leads to sql injection. The attack can be initiated...

CVE-2024-5376

A vulnerability was found in Kashipara College Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file view_each_faculty.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The...

CVE-2024-5377

A vulnerability was found in SourceCodester Vehicle Management System 1.0. It has been classified as critical. This affects an unknown part of the file /newvehicle.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

CVE-2024-5377 SourceCodester Vehicle Management System newvehicle.php unrestricted upload

A vulnerability was found in SourceCodester Vehicle Management System 1.0. It has been classified as critical. This affects an unknown part of the file /newvehicle.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

CVE-2024-5376 Kashipara College Management System view_each_faculty.php cross site scripting

A vulnerability was found in Kashipara College Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file view_each_faculty.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The...

CVE-2024-5374

A vulnerability, which was classified as problematic, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file submit_new_faculty.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The.....

CVE-2024-5375

A vulnerability has been found in Kashipara College Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file submit_student.php. The manipulation of the argument address leads to cross site scripting. The attack can be launched...

CVE-2024-5375 Kashipara College Management System submit_student.php cross site scripting

A vulnerability has been found in Kashipara College Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file submit_student.php. The manipulation of the argument address leads to cross site scripting. The attack can be launched...

CVE-2024-5374 Kashipara College Management System submit_new_faculty.php cross site scripting

A vulnerability, which was classified as problematic, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file submit_new_faculty.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The.....

CVE-2024-5373

A vulnerability, which was classified as problematic, has been found in Kashipara College Management System 1.0. This issue affects some unknown processing of the file submit_login.php. The manipulation of the argument usertype leads to cross site scripting. The attack may be initiated remotely....

CVE-2024-5372

A vulnerability classified as problematic was found in Kashipara College Management System 1.0. This vulnerability affects unknown code of the file submit_extracurricular_activity.php. The manipulation of the argument activity_contact leads to cross site scripting. The attack can be initiated...

CVE-2024-5373 Kashipara College Management System submit_login.php cross site scripting

A vulnerability, which was classified as problematic, has been found in Kashipara College Management System 1.0. This issue affects some unknown processing of the file submit_login.php. The manipulation of the argument usertype leads to cross site scripting. The attack may be initiated remotely....

CVE-2024-5372 Kashipara College Management System submit_extracurricular_activity.php cross site scripting

A vulnerability classified as problematic was found in Kashipara College Management System 1.0. This vulnerability affects unknown code of the file submit_extracurricular_activity.php. The manipulation of the argument activity_contact leads to cross site scripting. The attack can be initiated...

CVE-2024-5371

A vulnerability classified as problematic has been found in Kashipara College Management System 1.0. This affects an unknown part of the file submit_enroll_student.php. The manipulation of the argument class_name leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVE-2024-5370

A vulnerability was found in Kashipara College Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file submit_enroll_staff.php. The manipulation of the argument class_name leads to cross site scripting. The attack may be launched...