CVE-2024-35592
An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file...
CVE-2024-35592
CVE-2024-35592 affects Box-IM, specifically version 2.0. The vulnerability is an arbitrary file upload in the Upload function that enables arbitrary code execution via a crafted PDF file. The available sources indicate a high-severity impact (CVSS 3.1: 9.6, CRITICAL) with network vector, no privi...
PT-2024-26564 · Box-Im · Box-Im
Name of the Vulnerable Software and Affected Versions: Box-IM version 2.0 Description: The issue allows attackers to execute arbitrary code via uploading a crafted PDF file, exploiting an arbitrary file upload vulnerability in the Upload function. Recommendations: For Box-IM version 2.0, consider...
Box-IM Security Vulnerability
Box-IM is an open source chat tool modeled after WeChat. A security vulnerability exists in Box-IM v2.0, which originates from an arbitrary file upload vulnerability in the upload function, allowing an attacker to execute arbitrary code by uploading a crafted PDF file...
PT-2024-18653 · WordPress · Applyonline
Name of the Vulnerable Software and Affected Versions: ApplyOnline – Application Form Builder and Manager plugin for WordPress versions up to, and including, 2.6 Description: The issue allows authenticated attackers with subscriber access or higher to view Application submissions due to a missing...
A vulnerability in the ComboBox control of the Foxit PDF Reader (formerly Foxit Reader) PDF document viewer allows an attacker to execute arbitrary code.
The vulnerability in the ComboBox control of the Foxit PDF Reader (formerly Foxit Reader) PDF document viewer is a use-after-free. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...
PT-2024-26552 · Tenda · Tenda Ax1806
Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1 Description: The issue is related to a stack overflow that can occur via the iptv.stb.mode parameter in the formSetIptv function. Recommendations: For Tenda AX1806 version 1.0.0.1, as a temporary workaround,...
Hakuin - A Blazing Fast Blind SQL Injection Optimization And Automation Framework
Hakuin is a Blind SQL Injection (BSQLI) optimization and automation framework written in Python 3. It abstracts away the inference logic and allows users to easily and efficiently extract databases (DB) from vulnerable web applications. To speed up the process, Hakuin utilizes a variety of optimizati...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2024-23348)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which can be exploited by attackers to bypass security restrictions due to a window being disabled even after the file dialog box is displayed...
CVE-2024-4370 WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress WPZOOM Addons for Elementor (Templates, Widgets) plugin <= 1.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget vulnerability discovered by stealthcopter in WordPress Plugin WPZOOM Addons for Elementor (versions <= 1.1.36)...
WordPress plugin WPZOOM Addons for Elementor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WPZOOM Addons for Elementor (Templates, Widgets) < 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget
Description: The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes...
PT-2024-30626 · Wpzoom · Wpzoom Addons For Elementor
Name of the Vulnerable Software and Affected Versions: WPZOOM Addons for Elementor plugin versions up to, and including, 1.1.36 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's widget Image Box, allowing authenticat...
Popup box < 4.1.3 - Cross-Site Request Forgery
Description: The Popup box plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged...
CVE-2024-34367
Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS). This issue affects Popup box: from n/a through 4.1.2...
CVE-2024-34367
CVE-2024-34367: CSRF leads to XSS in Popup Box – Popup Box plugin (ays-popup-box) for WordPress; affected versions up to 4.1.2. Patch status: Patched (fix details not provided in the supplied docs).
CVE-2024-34367 WordPress Popup Box plugin <= 4.1.2 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS). This issue affects Popup box: from n/a through 4.1.2...