2495 matches found
Information disclosure
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on macOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0;...
CVE-2024-1150 Improper validation of update packages
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 7.3.1...
CVE-2024-1150
CVE-2024-1150 : Snow Software Inventory Agent on Unix (versions through 7.3.1) suffers from improper verification of cryptographic signatures in Snow Update Packages, enabling file manipulation via update packages. Root cause: insufficient/incorrect signature validation. Impact: integrity of upda...
CVE-2024-1149 Improper validation of update packages
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on macOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0;...
CVE-2024-1149
CVE-2024-1149 concerns Snow Software Inventory Agent across macOS, Windows, and Linux. It stems from improper verification of cryptographic signatures, allowing file manipulation via Snow Update Packages. Affected versions include Inventory Agent up to 6.12.0, 6.14.5, and 6.7.2. The root cause is...
Snow Software Inventory Agent Data Forgery Issue Vulnerability
Snow Software Inventory Agent is an agent program from Snow Software of Sweden. Snow Software Inventory Agent is vulnerable to a data forgery issue that stems from incorrect cryptographic signature validation that allows file manipulation via update packages...
PT-2024-17034 · Snow · Snow Software Inventory Agent
Name of the Vulnerable Software and Affected Versions: Snow Software Inventory Agent on Unix versions through 7.3.1 Description: The issue is related to an Improper Verification of Cryptographic Signature vulnerability, which allows File Manipulation through Snow Update Packages. Recommendations:...
Design/Logic Flaw
A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file updateproduct.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2024-1264 Juanpao JPShop UploadsController.php actionUpdate unrestricted upload
A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument imgage leads to unrestricted upload. The attack can be...
Out-of-bounds
A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument picurl leads to unrestricted upload. The attack...
Path Traversal
salt is vulnerable to Path Traversal. The vulnerability is caused by roots.py because there is no explicit path validation before performing file operations, as well as master.py creating directories and files based on unvalidated user input. An attacker can exploit these flaws to traverse and...
CVE-2024-24592
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files...
Information disclosure
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and...
CVE-2024-1200 Jspxcms information disclosure
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and...
CVE-2023-38020
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576...
Code injection
A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The...
Improper access control
A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. T...
CVE-2024-1116 openBI Upload.php index unrestricted upload
A vulnerability was found in openBI up to 1.0.8. It has been classified as critical. Affected is the function index of the file /application/plugins/controller/Upload.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed t...