3231 matches found

OSV
added 2024/07/30 9:15 a.m. · 2 views

CVE-2024-7226

A vulnerability was found in SourceCodester Medicine Tracker System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=saveuser of the component Password Change Handler. The manipulation leads to cross-site request forgery. The attac...

CVSS 8.8 · AI score 4.7
Exploits 0 · References 4
CNNVD
added 2024/07/30 12:00 a.m. · 2 views

Medicine Tracker System cross-site request forgery vulnerability

Medicine Tracker System is a drug tracking system by the individual developer Carlo Montero. A cross-site request forgery vulnerability exists in Medicine Tracker System version 1.0, which stems from unknown code in file /classes/Users.php?f=saveuser that can lead to cross-site request forgery...

CVSS 8.8 · AI score 5 · EPSS 0.00379
Exploits 1 · References 5
Positive Technologies
added 2024/07/30 12:00 a.m. · 3 views

PT-2024-38176 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: TOTOLINK LR1200 version 9.3.1cu.2832 Description: A problem was found in the file /etc/shadow.sample, which leads to the use of a hard-coded password. The complexity of an attack is rather high, and the exploitability is told to be difficult...

CVSS 5.3 · AI score 4.3 · EPSS 0.00447
Exploits 1 · References 7
Positive Technologies
added 2024/07/30 12:00 a.m. · 4 views

PT-2024-29133 · Ffri · Ffri Amc

Name of the Vulnerable Software and Affected Versions: FFRI AMC versions 3.4.0 to 3.5.3 Some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 Description: The issue allows a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an...

CVSS 6.4 · AI score 7.9 · EPSS 0.00438
Exploits 0 · References 7
OSV
added 2024/07/29 5:15 a.m. · 2 views

CVE-2024-7183

A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The...

CVSS 8.8 · AI score 6.1
Exploits 0 · References 4
CNNVD
added 2024/07/29 12:00 a.m. · 4 views

Lost And Found Information System security vulnerability

Lost And Found Information System is a lost and found information system from Lost And Found. A security vulnerability exists in Lost And Found Information System version 1.0, which originates from a cross-site scripting vulnerability that allows a remote attacker to elevate the privileges of the...

CVSS 6.1 · AI score 5.9 · EPSS 0.00467
Exploits 2 · References 4
Positive Technologies
added 2024/07/28 12:00 a.m. · 3 views

PT-2024-38132 · Totolink · Totolink A3000Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3000RU version 5.9c.5185 Description: A problem was found in the processing of the file /web cste/cgi-bin/product.ini, which leads to the use of a hard-coded password. The issue has been disclosed to the public and may be used. The...

CVSS 8.8 · AI score 4.3 · EPSS 0.00747
Exploits 1 · References 8
OSV
added 2024/07/26 2:15 a.m. · 1 view

CVE-2024-7114

A vulnerability was found in Tianchoy Blog up to 1.8.8. It has been classified as critical. This affects an unknown part of the file /so.php. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

CVSS 8.8 · AI score 6.4 · EPSS 0.00588
Exploits 1 · References 4
Zero Day Initiative
added 2024/07/26 12:00 a.m. · 12 views

Docker Desktop Daemon CLI External Control of File Path Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 6.1 · AI score 6.6 · EPSS 0.00374
Exploits 0 · References 1
NVD
added 2024/07/23 2:15 a.m. · 11 views

CVE-2024-6885

The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maxiremovecustomimagesize and maxiaddcustomimagesize functions in all versions up to, and including, 1.9.2. This makes ...

CVSS 8.1 · EPSS 0.01087
Exploits 0 · References 4
Positive Technologies
added 2024/07/16 12:00 a.m. · 3 views

PT-2024-28790 · Open5Gs · Open5Gs

Name of the Vulnerable Software and Affected Versions: Open5GS version 2.6.4 Description: The issue is related to a Buffer Overflow. It affects the /lib/pfcp/context.c file. Recommendations: For Open5GS version 2.6.4, consider restricting access to the vulnerable file /lib/pfcp/context.c to...

CVSS 9.8 · AI score 6.9 · EPSS 0.00456
Exploits 1 · References 7
Cvelist
added 2024/07/11 3:37 p.m. · 17 views

CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...

CVSS 8.8 · EPSS 0.00657
Exploits 0 · References 2
Vulnrichment
added 2024/07/11 3:37 p.m. · 10 views

CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...

CVSS 8.8 · AI score 7.5 · EPSS 0.00657
Exploits 0 · References 2
Ubuntu
added 2024/07/11 10:41 a.m. · 43 views

USN-6888-2: Django vulnerabilities

USN-6888-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attacker could possibly use this...

CVSS 7.5 · AI score 6.8 · EPSS 0.30129
Exploits 0
Tenable Nessus
added 2024/07/11 12:00 a.m. · 33 views

Ubuntu 18.04 LTS : Django vulnerabilities (USN-6888-2)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6888-2 advisory. USN-6888-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Tenable has extracted the precedi...

CVSS 7.5 · AI score 6.5 · EPSS 0.30129
Exploits 0 · References 5
OpenVAS
added 2024/07/10 12:00 a.m. · 26 views

Ubuntu: Security Advisory (USN-6888-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.5 · EPSS 0.30129
Exploits 0 · References 2
Vulnrichment
added 2024/07/10 12:00 a.m. · 16 views

CVE-2024-39330

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain...

AI score 6.8 · EPSS 0.01008
Exploits 0 · References 3
AlpineLinux
added 2024/07/10 12:00 a.m. · 15 views

CVE-2024-39330

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain...

CVSS 4.3 · AI score 6.9 · EPSS 0.01008
Exploits 0
Tenable Nessus
added 2024/07/10 12:00 a.m. · 31 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Django vulnerabilities (USN-6888-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6888-1 advisory. Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attack...

CVSS 7.5 · AI score 6.7 · EPSS 0.30129
Exploits 0 · References 5
UbuntuCve
added 2024/07/09 2:00 p.m. · 19 views

CVE-2024-39330

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain...

CVSS 4.3 · AI score 6.8 · EPSS 0.01008
Exploits 0 · References 3