3164 matches found

CVE
added 2024/11/13 5:25 p.m. · 286 views

CVE-2024-43093

CVE-2024-43093 affects the Android Framework component ExternalStorageProvider.java, where a bypass of a file-path filter can occur due to incorrect Unicode normalization. The root issue can allow local escalation of privilege without extra execution privileges, with exploitation requiring user i...

CVSS 7.3 · AI score 7.4 · EPSS 0.00138
In wild · Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2024/11/13 5:25 p.m. · 32 views

CVE-2024-43093

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

EPSS 0.00138
Exploits 0 · References 2
Cvelist
added 2024/11/13 2:15 p.m. · 12 views

CVE-2024-49506 Fixed temporary file path in aeon-checks allows fixing of disk encryption key

Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem...

CVSS 7.3 · EPSS 0.00084
Exploits 0 · References 1
CVE
added 2024/11/13 2:15 p.m. · 44 views

CVE-2024-49506

CVE-2024-49506 corresponds to an insecure temporary-file creation in aeon-checks/openSUSE-related tooling. The vulnerability allows a local attacker on systems with non-default configurations to cause a denial of service or set the filesystem encryption key. Several connected sources reference ae...

CVSS 7.3 · AI score 6.3 · EPSS 0.00084
Exploits 0 · References 1
NVD
added 2024/11/13 5:15 a.m. · 8 views

CVE-2024-11150

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...

CVSS 9.8 · EPSS 0.30004
Exploits 0 · References 2
GithubExploit
added 2024/11/12 8:50 p.m. · 271 views

Exploit for CVE-2024-32640

CVE-2024-32640 MySQL Blind SQL Injection Proof of Concept Thi...

CVSS 9.8 · AI score 8 · EPSS 0.93717
Exploits 3
NVD
added 2024/11/12 4:15 a.m. · 16 views

CVE-2024-10672

The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpgupsertprojectsourceblock function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with...

CVSS 2.7 · EPSS 0.00256
Exploits 0 · References 4
CVE
added 2024/11/12 3:24 a.m. · 47 views

CVE-2024-10672

CVE-2024-10672: The Multiple Page Generator Plugin – MPG for WordPress is vulnerable to directory traversal that enables authenticated attackers with editor-level access (and higher) to delete limited server files. Affected versions are

CVSS 2.7 · AI score 3.5 · EPSS 0.00256
Exploits 0 · References 4 · Affected Software 1
CVE
added 2024/11/12 12:0 a.m. · 71 views

CVE-2024-51093

CVE-2024-51093 is a Stored XSS vulnerability in Snipe-IT 7.0.13 where an attacker can upload a malicious XML file containing JavaScript. The payload can execute in the victim’s browser and, as described across sources, may enable privilege escalation to a super admin. Affected component is the fi...

CVSS 8.7 · AI score 5.5 · EPSS 0.00307
Exploits 0 · References 1 · Affected Software 1
NVD
added 2024/11/09 6:15 a.m. · 15 views

CVE-2024-10470

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it...

CVSS 9.8 · EPSS 0.48485
Exploits 2 · References 2
Cvelist
added 2024/11/09 5:40 a.m. · 26 views

CVE-2024-10470 WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it...

CVSS 9.8 · EPSS 0.48485
Exploits 2 · References 2
CVE
added 2024/11/09 3:18 a.m. · 51 views

CVE-2024-10625

CVE-2024-10625 affects the WooCommerce Support Ticket System plugin for WordPress. It enables unauthenticated deletion of arbitrary files via delete_tmp_uploaded_file() due to insufficient path validation in versions up to 17.7, with potential remote code execution when critical files (e.g., wp-c...

CVSS 9.8 · AI score 9.8 · EPSS 0.40624
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2024/11/07 12:0 a.m. · 2 views

Wazifa System control.php File SQL Injection Vulnerability

Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the parameter to of the file /controllers/control.php. An attacker can exploit this vulnerability to execute illegal...

CVSS 7.5 · AI score 8.2 · EPSS 0.00157
Exploits 1 · References 1
Snyk
added 2024/11/06 4:29 p.m. · 2 views

Directory Traversal

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of file paths in the processingutils.asyncmovefilestocache function. An attacker can read arbitrary...

CVSS 8.2 · AI score 7.7 · EPSS 0.00275
Exploits 1 · References 2
OSV
added 2024/11/04 3:15 a.m. · 2 views

CVE-2024-10757

A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unittesting/templates/jsdata.php. The manipulation of the argument scripts leads t...

CVSS 6.1 · AI score 4
Exploits 0 · References 5
Positive Technologies
added 2024/11/04 12:0 a.m. · 3 views

PT-2024-16565 · Unknown · Phpgurukul Hospital Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System version 4.0 Description: A vulnerability was found in the PHPGurukul Hospital Management System, affecting some unknown processing of the file hms/doctor/search.php. The manipulation of the argument...

CVSS 5.1 · AI score 4.1 · EPSS 0.00113
Exploits 1 · References 15
OSV
added 2024/11/03 11:15 p.m. · 2 views

CVE-2024-10745

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unittesting/templates/deferredtable.php. The manipulation of the argument scripts leads to...

CVSS 6.1 · AI score 3.6 · EPSS 0.00199
Exploits 1 · References 5
Positive Technologies
added 2024/11/03 12:0 a.m. · 2 views

PT-2024-16506 · Unknown · Wazifa System

Name of the Vulnerable Software and Affected Versions: Wazifa System version 1.0 Description: A critical issue affects the processing of the file /controllers/control.php, where the manipulation of the argument leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 7.5 · AI score 7.3 · EPSS 0.00157
Exploits 1 · References 10
Positive Technologies
added 2024/11/03 12:0 a.m. · 2 views

PT-2024-16508 · Unknown · Datatables +1

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.0 Description: A vulnerability was found in the PHPGurukul Online Shopping Portal, affecting an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit testing/templates/comple...

CVSS 6.1 · AI score 4.2 · EPSS 0.00199
Exploits 1 · References 11
CNNVD
added 2024/11/01 12:0 a.m. · 1 views

EsafeNet CDG SQL Injection Vulnerability

EsafeNet CDG is a document security management system from EsafeNet. A SQL injection vulnerability exists in EsafeNet CDG v5, which originates from the parameter id of the file /com/esafenet/servlet/system/HookInvalidCourseService.java that can lead to SQL injection...

CVSS 8.8 · AI score 7 · EPSS 0.00097
Exploits 1 · References 4