1439 matches found
AutomationDirect P3-550E Telnet Diagnostic Interface leftover debug code vulnerability
Talos Vulnerability Report TALOS-2024-1942: AutomationDirect P3-550E Telnet Diagnostic Interface leftover debug code vulnerability. May 28, 2024. CVE Number: CVE-2024-21785. Summary: A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E...
CVE-2024-5384
A vulnerability classified as critical was found in SourceCodester Facebook News Feed Like 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to SQL injection. The attack can be initiated remotely. VDB-266302 is the identifier assigned ...
CVE-2023-52854
In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padata_free_shell. In a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead to system UAF (Use-After-Free) issues. Due to the lengthy analysis of the pcrypt_aead01 function call, I'll...
CVE-2023-52828
In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program. Now that bpf_throw kfunc is the first such call instruction that has noreturn semantics within the verifier, this also kicks in dead code elimination in unprecedented ways. For one...
Emlog Pro code issue vulnerability
Emlog is a PHP and MySQL based CMS website builder for emlog individual developers. A code issue vulnerability exists in Emlog Pro version 2.3.4, which stems from an unknown function in the file admin/setting.php that causes unrestricted uploads...
SchoolWebTech Code Issues Vulnerabilities
SchoolWebTech is a campus website application. A code issue vulnerability exists in SchoolWebTech version 1.0, which stems from an incorrect manipulation of the parameter image that can lead to unrestricted uploads...
Online Computer and Laptop Store code issue vulnerability
Online Computer and Laptop Store is an online computer and laptop store by Carlo Montero Personal Developer. A code issue vulnerability exists in Online Computer and Laptop Store version 1.0, which stems from the file /classes/SystemSettings.php?f=updatesettings causing unrestricted uploads...
PHOENIX CONTACT CHARX SEC-3000 code issue vulnerability
PHOENIX CONTACT CHARX SEC is a series of AC charge controllers from PHOENIX CONTACT, Germany. A code issue vulnerability exists in PHOENIX CONTACT CHARX SEC-3000 version 1.5.1 and earlier, which allows a local, low-privilege attacker to use an untrusted search path to gain root...
SolarWinds Access Rights Manager code issue vulnerability
SolarWinds Access Rights Manager is a lightweight review management system from SolarWinds, Inc. A code issue vulnerability exists in versions of SolarWinds Access Rights Manager prior to 2023.2.4, which stems from susceptibility to remote code execution vulnerabilities...
Pisay Online E-Learning System code issue vulnerability
Sourcecodester Pisay Online E-Learning System is an online e-learning system based on PHP and MySQL. A code issue vulnerability exists in Pisay Online E-Learning System version 1.0, which stems from the parameter file in the file /lesson/controller.php that can lead to unrestricted uploads...
PT-2024-13351 · Vtiger · Vtiger Crm
Name of the Vulnerable Software and Affected Versions: Vtiger CRM version 7.5.0 Description: The issue allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file, which is executed on every page load...
IBM i and IBM Rational Development Studio code issue vulnerability
IBM i and IBM Rational Development Studio are both products of International Business Machines (IBM) Corporation. IBM i is an operating system that runs in IBM Power Systems and IBM PureSystems. IBM Rational Development Studio is IBM i is an operating system that runs on IBM Power Systems and IBM...
GHSA-3WHQ-64Q2-QFJ6 vyper performs double eval of raw_args in create_from_blueprint
Summary: Using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. A contract search was performed and no vulnerable contracts were found in production. In particular, the raw_args variant of create_from_blueprint was not...
WordPress plugin Unlimited Elements For Elementor code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
CVE-2024-3857
The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...
CVE-2024-30219
Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed. Note that MZK-MF300N is no longer supported, therefore the update for...
Adobe Animate code issue vulnerability
Adobe Animate is a set of Flash animation software from the American company Adobe. Adobe Animate has a code issue vulnerability that stems from the application being susceptible to NULL pointer dereferencing, which can be exploited by an attacker to cause a system crash, resulting in a...
Byzro Networks Smart S80 code issue vulnerability
Byzro Networks Smart S80 is an Internet behavior management product from Byzro Networks. A code issue vulnerability exists in Byzro Smart S80 Management Platform 20240317 and prior versions, which stems from an unknown function in /useratte/userattestation.php that causes unrestricted uploads via...
Ping Identity PingFederate code issue vulnerability
Ping Identity PingFederate is a flagship software-based federation server in the United States. It is used for identity management. Ping Identity PingFederate has a code issue vulnerability that stems from the presence of a Server-Side Request Forgery (SSRF) vulnerability...
WordPress Plugin Product Designer code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...