CVE-2024-11971 Guizhou Xiaoma Technology jpress Avatar upload cross site scripting
A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload of the component Avatar Handler. The manipulation of the argument files leads to cross site scripting. T...
CVE-2024-11744 1000 Projects Portfolio Management System MCA register.php sql injection
A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely...
CVE-2024-11675
A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/hisadminregisterpatient.php of the component Add Patient Details Page. The manipulation of the argument...
CVE-2024-11674 CodeAstro Hospital Management System his_doc_update-account.php unrestricted upload
A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Affected is an unknown function of the file /backend/doc/his_doc_update-account.php. The manipulation of the argument docdpic leads to unrestricted upload. It is possible to launch the attack...
CVE-2024-48862
CVE-2024-48862 affects QNAP’s QuLog Center. A link-following vulnerability could allow remote attackers to traverse the file system and read or overwrite files. Affected versions are prior to 1.7.0.831 and prior to 1.8.0.888; fixed in 1.7.0.831+ and 1.8.0.888+. CVSS metrics indicate high impact (...
CVE-2024-11587
CVE-2024-11587 affects idcCMS 1.60, specifically the GetCityOptionJs function in /inc/classProvCity.php, where manipulating the idName parameter triggers cross-site scripting. Exploitation can be remote; multiple sources flag XSS, with some templates noting a reflected XSS via idName (read.php). ...
CVE-2024-11488
A vulnerability was found in 115cms up to 20240807 and classified as problematic. This issue affects some unknown processing of the file /app/admin/view/webuser.html. The manipulation of the argument ks leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
CVE-2018-9468
In query of DownloadManager.java, there is a possible read/write of arbitrary files due to a permissions bypass. This could lead to local information disclosure and file rewriting with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-11490
CVE-2024-11490 affects 115cms up to 20240807. The vulnerability is a Cross-Site Scripting (XSS) in an unknown function of /index.php/admin/web/set.html caused by manipulating the type argument. It can be exploited remotely and public exploits have been disclosed; the vendor reportedly did not res...
CVE-2024-11490 115cms set.html cross site scripting
A vulnerability was found in 115cms up to 20240807. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php/admin/web/set.html. The manipulation of the argument type leads to cross site scripting. The attack can be launched remotely...
CVE-2024-11484
CVE-2024-11484 affects Code4Berry Decoration Management System 1.0. The vulnerability arises from manipulation of the parameter productimage1 in the file /decoration/admin/update_image.php (User Image Handler), leading to improper access controls. It is exploitable remotely and has publicly discl...
binutils security update
An update is available for binutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The binutils packages provide a collection of binary utilities for the...
Unauthorized File Manipulation
ansible-core is vulnerable to Unauthorized File Manipulation. The vulnerability is due to the user module allowing an unprivileged user with directory traversal permissions to create or replace files on any system path and gain ownership when a privileged user executes the module against the...
Palo Alto Networks Expedition SQL Injection Vulnerability
Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the...
CVE-2024-11175
Public CMS 5.202406.d contains a cross-site scripting (XSS) vulnerability in the Voting Management module, caused by how /admin/cmsVote/save processes input. The issue is exploitable remotely and affects the Voting Management component. A patch is available: b9530b9cc1f5cfdad4b637874f59029a6283a6...
CVE-2024-11175 Public CMS Voting Management save cross site scripting
A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has be...
Siemens SINEC INS Path Traversal Vulnerability (CNVD-2024-45208)
Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. A path traversal vulnerability exists in Siemens SINEC INS, which stems from not properly sanitizing user-supplied paths for sftp-based file uploads and downloads, and can be...
CVE-2024-11138 DedeCMS friendlink_add.php unrestricted upload
A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-43415
An improper neutralization of special elements used in an SQL command in the papertrail/version-model of the decidim_awesome-module 0.9.0 allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands...