PT-2024-36824 · Unknown · Changedetection.Io

Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.48.05 Description: The issue is related to improper input validation in the application, which can allow attackers to perform local file read LFR or path traversal attacks. These attacks occur when user...

CVE-2024-12962

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /parse/alledits.php. The manipulation of the argument skillset leads to sql injection. The attack can be launched remotely. The...

CVE-2024-12951

A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /addpersonaldetails.php. The manipulation of the argument profile leads to unrestricted upload. It is possible to launch the attack remotely. The...

PT-2024-17811 · Unknown · 1000 Projects Attendance Tracking Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical vulnerability has been found in the 1000 Projects Attendance Tracking Management System. This issue affects unknown code of the file /admin/student...

PT-2024-17828 · Unknown · 1000 Projects Portfolio Management System Mca

Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0 Description: A critical issue affects the processing of the file /add achievement details.php, where the manipulation of the argument ach certy leads to unrestricted upload. The attack...

Path Traversal

pghoard is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths, which allows an attacker to traverse directories and access unauthorized files with the same privileges as the pghoard process...

1000 Projects Attendance Tracking Management System 注入漏洞

1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. 1000 Projects Attendance Tracking Management System version 1.0 suffers from an injection vulnerability, which originates from the parameter facultycourseid in the file...

CVE-2024-12066

The SMSA Shippingofficial plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsadeletelabel function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

CVE-2024-12066

The CVE-2024-12066 entry concerns the SMSA Shipping (official) WordPress plugin. Affected versions up to 2.2 are vulnerable due to insufficient file path validation in the smsa_delete_label() function, enabling authenticated users with Subscriber+ privileges to delete arbitrary files on the serve...

WordPress plugin SMSA Shipping(official) 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

PT-2024-17426 · WordPress · Smsa Shipping

Name of the Vulnerable Software and Affected Versions: SMSA Shipping plugin for WordPress versions up to, and including, 2.2 Description: The SMSA Shipping plugin for WordPress has a flaw in the smsa delete label function due to insufficient file path validation. This issue allows authenticated...

Directory Traversal

Overview spatie/browsershot is a library for converting a webpage to an image or pdf using headless Chrome. Affected versions of this package are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\. An attacker could read...

Complaint Management System user-search.php File SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from an incorrect manipulation of the parameter search in the file /admin/user-search.php that can lead to sql injection. No details of the vulnerability...

Directory Traversal

dotnetzip is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file paths during extraction in the src/Zip.Shared/ZipEntry.Extract.cs component, allowing remote attackers to execute arbitrary code...

PYSEC-2024-159

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...

CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...

CVE-2024-50625

Digi ConnectPort LTS prior to 1.4.12 is affected by a vulnerability in the web application’s file upload handling that allows manipulation of the file path via POST requests. This can enable arbitrary file uploads within specific directories and potentially lead to privilege escalation when combi...

CVE-2024-54747

WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...

WordPress plugin WP Hide & Security Enhancer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

The vulnerability of the authentication mechanism of the XRDP remote access tool, which allows a intruder to gain unauthorized access

The vulnerability of the XRDP remote access authentication mechanism is related to deficiencies in the retry limit for authentication attempts, which is controlled by the MaxLoginRetry parameter set in the configuration file /etc/xrdp/sesman.ini. Exploiting this vulnerability allows a malicious...