CVE-2024-11007
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-43415 Decidim-Awesome: SQL injection in AdminAccountability
An improper neutralization of special elements used in an SQL command in the papertrail/version-model of the decidimawesome-module 0.9.0 allows an authenticated admin user to manipulate SQL queries to disclose information, read and write files or execute commands...
CVE-2024-43415
CVE-2024-43415 — A SQL injection in the decidim_awesome-module (papertrail/version-model) allows an authenticated admin to manipulate SQL queries in vulnerable versions (0.9.0–0.11.1). This can lead to information disclosure, filesystem read/write, or remote code execution. Root cause: improper n...
PT-2024-34141 · Ivanti · Ivanti Endpoint Manager
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 November Security Update; Ivanti Endpoint Manager versions prior to 2022 SU6 November Security Update. Description: The issue allows a remote authenticated attacker with admin privileges to achieve...
Zyxel GS1900 Security Vulnerability
Zyxel GS1900 is a managed switch from China Hopkins Zyxel. A security vulnerability exists in Zyxel GS1900 V2.80AAHN.1C0 and earlier versions; it stems from a post-authentication command injection flaw that could allow an authenticated attacker with administrator...
PT-2024-16696 · Ivanti · Ivanti Policy Secure +1
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.1; Ivanti Policy Secure versions prior to 22.7R1.1. Description: The issue allows a remote authenticated attacker with admin privileges to achieve remote code execution through command injection...
PT-2024-34140 · Ivanti · Ivanti Endpoint Manager
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 November Security Update; Ivanti Endpoint Manager versions prior to 2022 SU6 November Security Update. Description: The issue allows a remote authenticated attacker with admin privileges to achieve...
CVE-2024-51747
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments that are viewable or downloadable in Kanboard are resolved through their path entry in the projecthasfiles SQLite db...
DEBIAN-CVE-2024-51748
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting applicationlanguage in the...
CVE-2024-51748 Remote code execution through language setting in kanboard
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting applicationlanguage in the...
PT-2024-32881 · Ivanti · Ivanti Connect Secure +1
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.3; Ivanti Policy Secure versions prior to 22.7R1.2. Description: A stack-based buffer overflow allows a remote authenticated attacker with admin privileges to cause a denial of service...
PT-2024-9043 · Ivanti · Ivanti Policy Secure +1
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.1 and prior to 9.1R18.9; Ivanti Policy Secure versions prior to 22.7R1.1 and prior to 9.1R18.9. Description: The issue is related to argument injection in Ivanti Connect Secure and Ivanti Policy...
PT-2024-32884 · Ivanti · Ivanti Policy Secure +1
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.3; Ivanti Policy Secure versions prior to 22.7R1.2. Description: A stack-based buffer overflow allows a remote authenticated attacker with admin privileges to cause a denial of service...
WordPress Code Explorer plugin <= 1.4.5 - Authenticated (Admin+) External File Reading vulnerability
Authenticated (Admin+) External File Reading vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Code Explorer versions <= 1.4.5...
CVE-2024-30160
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow ...
WordPress Advanced Custom Fields <= 6.3.6.2 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Duc Luong Tran in WordPress Plugin Advanced Custom Fields versions <= 6.3.6.2...
Qnap QTS OS Command Injection (CVE-2023-41283)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596...