Sermon'e – Sermons Online Security Vulnerabilities

CVE-2024-4820

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be....

CVE-2024-4819

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file admin_class.php. The manipulation of the argument type with the input 1 leads to improper authorization. It is possible to launch the...

CVE-2024-4819

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file admin_class.php. The manipulation of the argument type with the input 1 leads to improper authorization. It is possible to launch the...

CVE-2024-4818

A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been...

CVE-2024-4818

A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been...

CVE-2024-4817

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_user.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of...

CVE-2024-4817

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_user.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of...

CVE-2024-4798

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may....

CVE-2024-4798

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may....

CVE-2024-4797

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ajax.php. The manipulation of the argument name/customer_name/username leads to cross site scripting. The attack can be initiated...

CVE-2024-4797

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ajax.php. The manipulation of the argument name/customer_name/username leads to cross site scripting. The attack can be initiated...

CVE-2024-4796

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as critical. This affects an unknown part of the file /manage_inv.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2024-4796

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as critical. This affects an unknown part of the file /manage_inv.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2024-4795

A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit...

CVE-2024-4795

A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit...

CVE-2024-4794

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_receiving.php. The manipulation of the argument id leads to sql injection. The attack can be launched...

CVE-2024-4794

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_receiving.php. The manipulation of the argument id leads to sql injection. The attack can be launched...

CVE-2024-4793

A vulnerability, which was classified as critical, was found in Campcodes Online Laundry Management System 1.0. Affected is an unknown function of the file /manage_laundry.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has....

CVE-2024-4793

A vulnerability, which was classified as critical, was found in Campcodes Online Laundry Management System 1.0. Affected is an unknown function of the file /manage_laundry.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has....

CVE-2024-4792

A vulnerability, which was classified as critical, has been found in Campcodes Online Laundry Management System 1.0. This issue affects some unknown processing of the file /admin_class.php. The manipulation of the argument...

CVE-2024-4792

A vulnerability, which was classified as critical, has been found in Campcodes Online Laundry Management System 1.0. This issue affects some unknown processing of the file /admin_class.php. The manipulation of the argument...

CVE-2024-32985

Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Prior to 20.4.0, core nodes could be randomly crashed due to a race condition with a 3rd party library. The likelihood of affecting the network is low since crashed nodes come back up online...

CVE-2024-32985

Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Prior to 20.4.0, core nodes could be randomly crashed due to a race condition with a 3rd party library. The likelihood of affecting the network is low since crashed nodes come back up online...

Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities

Cisco Talos is delighted to share updates about our ongoing partnership with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to combat cybersecurity threats facing civil society organizations. Talos has partnered with CISA on several initiatives through the Joint Cyber Defense...

CVE-2024-3579 XSS in Online Shopping System Advanced

Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's...

CVE-2024-3579 XSS in Online Shopping System Advanced

Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's...

May 14, 2024—KB5037765 (OS Build 17763.5820)

May 14, 2024—KB5037765 (OS Build 17763.5820) 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights This update...

Description of the security update for SharePoint Enterprise Server 2016: May 14, 2024 (KB5002598)

Description of the security update for SharePoint Enterprise Server 2016: May 14, 2024 (KB5002598) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about the...

May 14, 2024—KB5037770 (OS Build 22000.2960)

May 14, 2024—KB5037770 (OS Build 22000.2960) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note Follow @WindowsUpdate to find out...

May 14, 2024—KB5037781 (OS Build 25398.887)

May 14, 2024—KB5037781 (OS Build 25398.887) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...

Description of the security update for SharePoint Server Subscription Edition: May 14, 2024 (KB5002599)

Description of the security update for SharePoint Server Subscription Edition: May 14, 2024 (KB5002599) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about.....

May 14, 2024—KB5037771 (OS Builds 22621.3593 and 22631.3593)

May 14, 2024—KB5037771 (OS Builds 22621.3593 and 22631.3593) 2/27/24 IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise and Education editions. Home and Pro editions of version 22H2 will...

May 14, 2024—KB5037782 (OS Build 20348.2461)

May 14, 2024—KB5037782 (OS Build 20348.2461) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when...

Description of the security update for SharePoint Server 2019: May 14, 2024 (KB5002596)

Description of the security update for SharePoint Server 2019: May 14, 2024 (KB5002596) Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about the...

May 14, 2024—KB5037768 (OS Builds 19044.4412 and 19045.4412)

May 14, 2024—KB5037768 (OS Builds 19044.4412 and 19045.4412) 03/12/24 IMPORTANT The following editions of Windows 10, version 21H2 will reach end of service on June 11, 2024:- Windows 10 Enterprise and Education- Windows 10 IoT Enterprise- Windows 10 Enterprise multi-sessionAfter that date, these.....

Description of the security update for Excel 2016: May 14, 2024 (KB5002587)

Description of the security update for Excel 2016: May 14, 2024 (KB5002587) Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-30042. Note: To apply this...

Microsoft Excel Remote Code Execution Vulnerability

...

Description of the security update for Office Online Server: May 14, 2024 (KB5002503)

Description of the security update for Office Online Server: May 14, 2024 (KB5002503) Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see the following security advisory:​​​​ Microsoft Excel Remote Code Execution...

FreeBSD : chromium -- multiple security fixes (8e0e8b56-11c6-11ef-9f97-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8e0e8b56-11c6-11ef-9f97-a8a1599412c6 advisory. Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform.....

Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-6767-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6767-2 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able to crash the...

Future of eCommerce: Emerging Technologies Shaping Online Retail in 2024

By Uzair Amir Top-notch stores are moving online as eCommerce continues to lead with breakthrough innovations that are transforming global business… This is a post from HackRead.com Read the original post: Future of eCommerce: Emerging Technologies Shaping Online Retail in...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...

CVE-2024-4820 SourceCodester Online Computer and Laptop Store unrestricted upload

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be....

CVE-2024-4820 SourceCodester Online Computer and Laptop Store unrestricted upload

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be....

CVE-2024-4819 Campcodes Online Laundry Management System admin_class.php improper authorization

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file admin_class.php. The manipulation of the argument type with the input 1 leads to improper authorization. It is possible to launch the...

CVE-2024-4819 Campcodes Online Laundry Management System admin_class.php improper authorization

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file admin_class.php. The manipulation of the argument type with the input 1 leads to improper authorization. It is possible to launch the...

CVE-2024-4818 Campcodes Online Laundry Management System index.php file inclusion

A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been...

CVE-2024-4818 Campcodes Online Laundry Management System index.php file inclusion

A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been...

CVE-2024-4817 Campcodes Online Laundry Management System HTTP Request Parameter manage_user.php resource injection

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_user.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of...

CVE-2024-4817 Campcodes Online Laundry Management System HTTP Request Parameter manage_user.php resource injection

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_user.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of...