CVE-2024-27936

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request...

Panabit Panalog SQL注入漏洞

Panabit Panalog is a big data log auditing system from Panabit. A SQL injection vulnerability exists in Panabit Panalog version 202103080942, which stems from the parameter id of the file /Maintain/sprogupstatus.php that can lead to SQL injection...

CVE-2024-2714

A vulnerability has been found in Campcodes Complete Online DJ Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The...

CVE-2023-41877 GeoServer log file path traversal vulnerability

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location ...

Meta4 HR security breach

Cegid Meta4 HR is a human resource management software HRM platform from Cegid Corporation. A security vulnerability exists in Meta4 HR version 819.001.022 and prior versions, which stems from a configuration page being placed on an Internet-facing web server, resulting in a file path being expos...

PT-2024-21488 · Unknown · Campcodes Online Job Finder System

Name of the Vulnerable Software and Affected Versions: Campcodes Online Job Finder System version 1.0 Description: A critical issue affects some unknown functionality of the file /admin/user/controller.php. The manipulation of the UESRID argument leads to SQL injection. This issue can be exploite...

CVE-2024-2563

A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path...

Employee Task Management System Security Vulnerability

Employee Task Management System is an Employee Task Management System by Carlo Montero Personal Developer. A security vulnerability exists in Employee Task Management System, which originates from a redirected execution in the file /admin-manage-user.php...

CVE-2024-1302

Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials...

CVE-2024-2394

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched...

CVE-2024-28222

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file...

CVE-2024-28222

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file...

CVE-2024-28222

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file...

BIT-GITLAB-2020-13349

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are =8.12, =13.4, =13.5, 13.5.2...

BIT-JENKINS-2021-21690

Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins LTS 2.303.2 and earlier...

Customer Support System 跨站脚本漏洞

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a cross-site scripting vulnerability that stems fro...

Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal Vulnerability

Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Advisory ID: KL-001-2024-001 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt 1. Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affecte...

Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability

Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affected Version: 4.40 and 4.50 Platform: Debian 10 LTS CWE Classification: CWE-23: Relative Path Traversal CVE ID: CVE-2024-2053 2. Vulnerability Description The Artica Proxy administrative web application attempts to...

fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.

...

SUSE CVE-2024-26462

Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c...