2426 matches found

OSV
added 2024/08/12 1:38 p.m. · 3 views

CVE-2024-21877

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability through a url parameter in Enphase IQ Gateway formerly known as Envoy allows File Manipulation. The endpoint requires authentication. This issue affects Envoy: from 4.x to 8.0 and 8.2.4225...

6.5 CVSS · 5.8 AI score · 0.00779 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/08/12 12:0 a.m. · 4 views

PT-2024-6509 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000r version 9.1.0cu.2350 b20230313 Description: The issue is related to an OS command injection vulnerability in the setModifyVpnUser function, located in the /cgi-bin/cstecgi.cgi file. This vulnerability can be exploited by...

9 CVSS · 7.5 AI score · 0.01661 EPSS
Exploits 1 · References 10

CNNVD
added 2024/08/12 12:0 a.m. · 4 views

Firewalla Security Vulnerability

Firewalla is a driver from Firewalla Inc. A security vulnerability exists in Firewalla versions prior to 1.979 that stems from the presence of multiple authenticated operating system command injection vulnerabilities. An attacker authenticated with the Bluetooth Low Power Interface can use the...

6.8 CVSS · 7.5 AI score · 0.01551 EPSS
Exploits 1 · References 2

CVE
added 2024/08/10 5:44 p.m. · 68 views

CVE-2024-21877

CVE-2024-21877 describes a path traversal vulnerability in Enphase IQ Gateway (formerly Envoy) that allows file manipulation via a URL parameter. Affected are Enphase IQ Gateway/Envoy versions 4.x through 8.0 and those

9.2 CVSS · 6.5 AI score · 0.00779 EPSS
Exploits 0 · References 3 · Affected Software 1

Zero Day Initiative
added 2024/08/08 12:0 a.m. · 9 views

Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The...

7.1 CVSS · 6.7 AI score · 0.02016 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/08/08 12:0 a.m. · 6 views

PT-2024-38441 · Logsign · Logsign Unified Secops Platform

Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this...

8.1 CVSS · 6.9 AI score · 0.02016 EPSS
Exploits 0 · References 7

Zero Day Initiative
added 2024/08/08 12:0 a.m. · 6 views

Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue...

7.1 CVSS · 6.7 AI score · 0.01619 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/08/08 12:0 a.m. · 5 views

PT-2024-38444 · Logsign · Logsign Unified Secops Platform

Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to delete arbitrary directories on affected installations. The flaw exists within the HTTP API service, which listens on TCP port...

8.1 CVSS · 6.9 AI score · 0.02016 EPSS
Exploits 0 · References 6

Positive Technologies
added 2024/08/08 12:0 a.m. · 4 views

PT-2024-38443 · Logsign · Logsign Unified Secops Platform

Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to...

6.5 CVSS · 6.6 AI score · 0.02382 EPSS
Exploits 0 · References 6

Zero Day Initiative
added 2024/08/08 12:0 a.m. · 8 views

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The...

6.5 CVSS · 6.2 AI score · 0.02382 EPSS
Exploits 0 · References 1

OSV
added 2024/08/06 11:16 a.m. · 2 views

CVE-2024-7317

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it...

5.4 CVSS · 5.9 AI score · 0.00363 EPSS
Exploits 0 · References 5

Zero Day Initiative
added 2024/08/06 12:0 a.m. · 12 views

(0Day) Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on Microsoft GitHub. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of Dev-Containers. The application does not enforce the privileged flag within a devcontainer...

9.9 CVSS · 7.8 AI score
Exploits 0

Zero Day Initiative
added 2024/08/05 12:0 a.m. · 5 views

Microsoft AirSim airsimci Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft AirSim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of AirSim. When installed from the official Microsoft GitHub repositor...

9.8 CVSS · 7.7 AI score
Exploits 0 · References 1

Zero Day Initiative
added 2024/08/05 12:0 a.m. · 3 views

Microsoft CameraTraps cameratracrsppftkje Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft CameraTraps. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of CameraTraps. When installed from the official Microsoft GitHub...

9.8 CVSS · 7.7 AI score
Exploits 0 · References 1

Zero Day Initiative
added 2024/08/05 12:0 a.m. · 8 views

(0Day) (Pwn2Own) oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SMS message lists. The issue results from the lack of proper validation o...

3.3 CVSS · 6 AI score · 0.00296 EPSS
Exploits 0

Positive Technologies
added 2024/07/30 12:0 a.m. · 4 views

PT-2024-38422 · Logsign · Logsign Unified Secops Platform

Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to...

6.5 CVSS · 6.5 AI score · 0.01184 EPSS
Exploits 0 · References 4

Zero Day Initiative
added 2024/07/30 12:0 a.m. · 11 views

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the getresponsejsonresult endpoint. The issue results from the lack ...

4.3 CVSS · 6.2 AI score · 0.01184 EPSS
Exploits 0 · References 1

Zero Day Initiative
added 2024/07/18 12:0 a.m. · 7 views

NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getFilterString method. The issue results from the lack of...

8.8 CVSS · 7.8 AI score · 0.02108 EPSS
Exploits 0 · References 1

Zero Day Initiative
added 2024/07/18 12:0 a.m. · 15 views

NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getSortString method. The issue results from the lack of prope...

8.8 CVSS · 7.8 AI score · 0.01862 EPSS
Exploits 0 · References 1

Zero Day Initiative
added 2024/07/15 12:0 a.m. · 4 views

Centreon testServiceExistence SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the testServiceExistence function. The issue results from the lack of proper validation of a...

8.8 CVSS · 7.8 AI score · 0.01133 EPSS
Exploits 0