EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2557)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution viabackend...

CVE-2024-8926 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows...

Book Recording App 2024-09-24 Cross Site Scripting

Exploit Title: Book Recording App - Cross Site Scripting Stored XSS Date: 05/10/2024 Exploit Author: Arif Ari Vendor Homepage: https://www.sourcecodester.com/javascript/17600/book-recording-app-using-htmlcss-vanillajs-source-code.html Software Link:...

Student Attendance Management System 1.0 Insecure Settings

============================================================================================================================================= | Title : Student Attendance Management System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

ASB-A-309938635

In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

CVE-2024-6394

A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the servejs function in app.py, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files ...

LoLLMs 安全漏洞

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to v9.8, which stems from an unverified path connection in the servejs function in app.py. An attacker exploiting this vulnerability can...

Sample Blog Site 1.0 Cross Site Scripting / Remote File Inclusion

============================================================================================================================================= | Title : Sample Blog Site 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | |...

PHP 8.1.x < 8.1.30 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.1.30. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.30 advisory. - In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using a certain non- standard configurations ...

PHP 8.3.x < 8.3.12 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.3.12. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.12 advisory. - In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using a certain non- standard configurations ...

PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit

BYOSI - Bring-Your-Own-Script-Interpreter - Leveraging the abuse of trusted applications, one is able to deliver a compatible script interpreter for a Windows, Mac, or Linux system as well as malicious source code in the form of the specific script interpreter of choice. Once both the malicious...

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...

BIT-GITLAB-2024-4660 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates...

Dell 2335dn printer Weak Password Requirements (CVE-2018-15748)

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.152335dn MFP 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of t...

CVE-2024-4660 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates...

CVE-2024-4660 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates...

CVE-2024-4660 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates...

CVE-2024-4660

CVE-2024-4660 concerns GitLab Enterprise Edition (EE). Affected: all versions 11.2–17.1.7, 17.2 up to 17.2.5, and 17.3 up to 17.3.2. Description: a guest could read the source code of a private project by exploiting group templates. Impact: confidentiality loss of private project source code. The...

GitLab 11.2 < 17.1.7 / 17.2 < 17.2.5 / 17.3 < 17.3.2 (CVE-2024-4660)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was...

openSUSE Security Advisory (SUSE-SU-2024:3173-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...