6809 matches found
Student Enrollment 1.0 Arbitrary File Upload
Title: Student Enrollment v1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
PT-2024-31826 · Vegabird · Vegabird Vooki
Name of the Vulnerable Software and Affected Versions: VegaBird Vooki version 5.2.9 Description: A DLL hijacking issue allows attackers to execute arbitrary code and maintain persistence by placing a crafted DLL file in the same directory as Vooki.exe. This enables attackers to potentially gain...
DEBIAN-CVE-2024-46826
In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read. ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...
CVE-2024-30134
The HCL Traveler for Microsoft Outlook executable HTMO.exe is being flagged as potentially Malicious Software or an Unrecognized Application...
Rupee Invoice System 1.0 Arbitrary File Upload
Title: Rupee Invoice System v1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
Cross-site Scripting (XSS)
@backstage/plugin-techdocs-backend is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused due to improper handling of content in TechDocs storage buckets, allowing an attacker to inject executable scripts that are executed in the victim's browser when viewing documentation or...
SUSE SLES15 Security Update : python3 (SUSE-SU-2024:3302-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3302-1 advisory. - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-7592: Fixed Email...
CVE-2024-46976
A flaw was found in the backstage/plugin-techdocs-backend package. An attacker with control of the contents of the TechDocs storage buckets may be able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to a...
GHSA-5J94-F3MF-8685 @backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection
Impact An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. Patches This has been fixed in the...
CVE-2024-46976
Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attack...
CVE-2024-46976 Circumvention of cross site scripting Protection in @backstage/plugin-techdocs-backend
Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attack...
CVE-2024-46976
CVE-2024-46976 affects the Backstage framework, specifically the @backstage/plugin-techdocs-backend. The root cause is that attacker-controlled content in the TechDocs storage buckets can inject executable scripts into TechDocs content, which then execute in a victim’s browser when documentation...
GHSA-QQV8-PH7F-H3F7 OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer
A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the "Docker" strategy, executable files inside the privileged build containe...
CVE-2024-7387 Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy
A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build containe...
Reservation Management System 1.0 Cross Site Request Forgery
Title: Reservation Management System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 129.0.1 ...
Online Job Recruitment Portal Project 1.0 Arbitrary File Upload
Title: Online Job Recruitment Portal project v1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser:...
OESA-2024-2129 exim security update
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
CVE-2024-6656
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13...
CVE-2024-6656
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13...
CVE-2024-6656
The CVE-2024-6656 issue affects TNB Mobile Solutions Cockpit Software prior to v2.13, where hard-coded credentials enable reading sensitive strings within an executable. Public descriptions (NVD/Red Hat/CNNVD) align on the flaw and affected version range; CVSS metrics indicate high/critical impac...