CVE-2024-13004
A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/category.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-12954
CVE-2024-12954 affects the 1000 Projects Portfolio Management System MCA 1.0. The vulnerability exists in the update_ach.php/file path area where manipulating the argument related to the upload parameter (ach_certy/ach certy) enables unrestricted (remote) file upload. This could allow an attacker...
[SECURITY] Fedora 41 Update: libcomps-0.1.21-4.fc41
Libcomps is a library for structure-like manipulation of the content of comps XML files. Supports read/write XML file, structures modification...
CVE-2024-12846 Emlog Pro link.php cross site scripting
A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scripting. The attack may be launched remotely. The...
CVE-2024-12843
A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/plugin.php. The manipulation of the argument filter leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclos...
CVE-2024-12783
A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the argument extra-cost leads to cross site scripting. The attack may be initiated remotely. The explo...
File Manipulation
drupal/core is vulnerable to File Manipulation. The vulnerability is due to insufficient validation and sanitization of user-provided file paths, which can lead to unauthorized file access or manipulation...
CVE-2024-12359
A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendormanagement.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploi...
CVE-2024-10776
Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files or load apps that use all features of the product available to a customer...
CVE-2024-11942
A vulnerability in Drupal Core allows File Manipulation. This issue affects Drupal Core: from 10.0.0 before 10.2.10...
UBUNTU-CVE-2024-11942
A vulnerability in Drupal Core allows File Manipulation. This issue affects Drupal Core: from 10.0.0 before 10.2.10...
CVE-2024-11942 Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002
A vulnerability in Drupal Core allows File Manipulation. This issue affects Drupal Core: from 10.0.0 before 10.2.10...
CVE-2024-11942
CVE-2024-11942 is a Drupal Core vulnerability that enables file manipulation in Drupal Core versions 10.0.0 up to (but not including) 10.2.10. Impact and root cause are not detailed in the provided documents, but multiple sources corroborate the issue. Affected releases should upgrade to Drupal C...
Cisco NX-OS Improper Input Validation (CVE-2012-4122)
The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot f...
Zyxel Multiple Firewalls Path Traversal Vulnerability
Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL...
CVE-2024-11998
A vulnerability was found in code-projects Farmacia 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /visualizer-forneccedor.chp. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2024-11971
A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload of the component Avatar Handler. The manipulation of the argument files leads to cross site scripting. T...
CVE-2024-11971
CVE-2024-11971 affects Guizhou Xiaoma Technology jpress 5.1.2. The vulnerability resides in the Avatar Handler’s file upload endpoint at /commons/attachment/upload, where manipulating the files argument leads to cross-site scripting. The issue can be triggered remotely and exploits have been disc...