6810 matches found

CNNVD
added 2024/07/02 12:0 a.m. · 2 views

Kiloview P1 and P2 Security Vulnerabilities

Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both professional video encoder devices from Kiloview China. A security vulnerability exists in the Kiloview P1 and P2. An attacker could exploit this vulnerability to download source code or executable files from a remote locatio...

CVSS 9.8 · AI score 7.2 · EPSS 0.0013
Exploits: 0 · References: 2
CVE
added 2024/06/27 9:36 a.m. · 60 views

CVE-2024-0949

CVE-2024-0949 affects Talya Informatics’ Elektraweb prior to 17.0.68. The issue is described as Missing Authentication and Use of Hard-coded Credentials that enables Authentication Bypass due to improper access control, potentially exposing files/directories externally and impacting confidentiali...

CVSS 9.8 · AI score 5.8 · EPSS 0.00027
Exploits: 0 · References: 2
Positive Technologies
added 2024/06/27 12:0 a.m. · 2 views

PT-2024-15262 · Softmaker +1 · Softmaker Office 2024 +3

Name of the Vulnerable Software and Affected Versions: SoftMaker Office 2024 / NX versions prior to revision 1214; SoftMaker FreeOffice 2014 versions prior to revision 1215; SoftMaker FreeOffice 2021 no fix available.
Description: An issue was discovered in the SoftMaker Office and FreeOffice MSI...

CVSS 5.3 · AI score 6.9 · EPSS 0.00054
Exploits: 1 · References: 6
OSV
added 2024/06/25 4:15 p.m. · 1 views

CVE-2024-5988

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™...

CVSS 9.8 · AI score 6.4
Exploits: 0 · References: 1
CNNVD
added 2024/06/25 12:0 a.m. · 1 views

Progress Software WhatsUp Gold Security Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold version 2023.1.3, whi...

CVSS 9.8 · AI score 8.1 · EPSS 0.90209
Exploits: 1 · References: 2
Positive Technologies
added 2024/06/25 12:0 a.m. · 3 views

PT-2024-33246 · Progress · Progress Whatsup Gold

Name of the Vulnerable Software and Affected Versions: Progress WhatsUp Gold versions prior to 2023.1.3.
Description: A Remote Code Execution issue exists in Progress WhatsUp Gold, allowing an unauthenticated attacker to achieve Remote Code Execution as a service account through NmApi.exe...

CVSS 9.8 · AI score 8.1 · EPSS 0.90209
Exploits: 1 · References: 17
Veracode
added 2024/06/21 6:8 a.m. · 6 views

CSV Injection

silverstripe/framework is vulnerable to CSV injection. The vulnerability is due to the potential inclusion of executable macros and scripts in the exported CSV files, which allows an attacker to execute arbitrary code or commands on the user's system...

AI score 8.4
Exploits: 0
OpenVAS
added 2024/06/19 12:0 a.m. · 17 views

Foxit Reader Privilege Escalation Vulnerability (Jun 2024)

Foxit Reader is prone to a privilege escalation vulnerability...

CVSS 8.2 · AI score 8.3 · EPSS 0.00065
Exploits: 1 · References: 1
NVD
added 2024/06/17 2:15 p.m. · 9 views

CVE-2024-37848

SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admindelete.php component...

CVSS 8.4 · EPSS 0.00053
Exploits: 1 · References: 1
Veracode
added 2024/06/17 4:30 a.m. · 16 views

Privilege Escalation

github.com/dnscrypt/dnscrypt-proxy is vulnerable to Privilege escalation. The vulnerability is caused by insecure file permissions on the dnscrypt-proxy executable, which allows non-privileged users to overwrite it with malicious code, leading to potential privilege escalation to root when the...

CVSS 7.8 · AI score 7.4 · EPSS 0.0007
Exploits: 1 · References: 2 · Affected Software: 1
CVE
added 2024/06/14 4:1 a.m. · 61 views

CVE-2024-27173

Toshiba e-STUDIO multi-function printers are affected by CVE-2024-27173 in the Remote Command program, enabling remote code execution by overwriting Python executables. Root cause involves execution of code via uploaded/modified Python files, with impact to confidentiality, integrity, and availab...

CVSS 9.8 · AI score 10 · EPSS 0.45418
Exploits: 2 · References: 4
Tenable Nessus
added 2024/06/14 12:0 a.m. · 41 views

Zyxel NAS Multiple Vulnerabilities

The Zyxel NAS is potentially affected by multiple vulnerabilities.
- This command injection vulnerability in the 'setCookie' parameter in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request. (CVE-2024-29973)
- Th...

CVSS 9.8 · AI score 7.3 · EPSS 0.93982
Exploits: 12 · References: 6
NVD
added 2024/06/13 10:15 p.m. · 9 views

CVE-2024-0095

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of...

CVSS 9 · EPSS 0.00504
Exploits: 0 · References: 1
Cvelist
added 2024/06/13 9:16 p.m. · 10 views

CVE-2024-0095 CVE

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of...

CVSS 9 · EPSS 0.00504
Exploits: 0 · References: 1
Hacker One
added 2024/06/13 10:1 a.m. · 54 views

curl: Unicode-to-ASCII conversion on Windows can lead to argument injection and more

Vulnerability description not provided...

AI score 7.1
Exploits: 0
Positive Technologies
added 2024/06/13 12:0 a.m. · 5 views

PT-2024-21707

Name of the Vulnerable Software and Affected Versions: Toshiba Tec Remote Command program, affected versions not specified.
Description: The issue allows an attacker to achieve Remote Code Execution by overwriting existing Python files that contain executable code. This can be difficult to execute...

CVSS 9.8 · AI score 7.2 · EPSS 0.45418
Exploits: 2 · References: 8
Zero Day Initiative
added 2024/06/12 12:0 a.m. · 9 views

Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 · AI score 7.7 · EPSS 0.00074
Exploits: 0 · References: 1
Imperva Blog
added 2024/06/10 6:5 p.m. · 77 views

Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware

Introduction: Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...

CVSS 10 · AI score 8 · EPSS 0.94436
Exploits: 433
BDU FSTEC
added 2024/06/10 12:0 a.m. · 1 views

The vulnerability of the LaborOfficeFree software for managing shift scheduling and working hours, which stems from the use of pre-installed database records, allows a perpetrator to gain unauthorized access to the application’s backup database.

The vulnerability of the executable files LOFservice.exe and LaborOfficeFree.exe of the LaborOfficeFree software for workforce management and time tracking involves the use of pre-installed database credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to...

CVSS 6.8 · AI score 6.7 · EPSS 0.00055
Exploits: 0 · References: 2 · Affected Software: 1
OpenVAS
added 2024/06/07 12:0 a.m. · 7 views

Fedora: Security Advisory for rust-copydeps (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 · References: 2