CVE-2024-7362

A vulnerability, which was classified as critical, has been found in SourceCodester Tracking Monitoring Management System 1.0. This issue affects some unknown processing of the file /manageuser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely...

CVE-2024-40799

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may...

CVE-2024-7159

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. It has been rated as critical. This issue affects some unknown processing of the file /webcste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been...

Apple macOS VideoToolbox Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of MOV...

Softing Secure Integration Server 1.22 Remote Code Execution Exploit

This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using t...

CVE-2024-6941

A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument sitetitle/sitesubtitle/sitekey/sitedesc/siteurl/siteemail/siteicp leads to cross site scriptin...

CVE-2024-6941

ThinkSAAS 3.7.0 is affected by a cross-site scripting vulnerability in the processing of app/system/action/do.php. The issue arises from manipulating arguments site_title, site_subtitle, site_key, site_desc, site_url, site_email, and site_icp, enabling potential remote exploitation. The PT-Securi...

CVE-2024-6439

A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated...

ClamAV VirusEvent File Processing Command Injection Vulnerability

...

CVE-2024-6188

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...

CVE-2024-6188 Parsec Automation TrackSYS pagedefinition direct request

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...

CVE-2024-6182

CVE-2024-6182 affects LabVantage LIMS 2017. The vulnerability is a cross-site scripting flaw in the file path /labvantage/rc?command=page&page=LV_ViewSampleSpec&oosonly=Y&_sdialog=Y, caused by manipulation of the sdcid/keyid1 parameter. It can be exploited remotely; exploitation is disclosed publ...

CVE-2024-6128

Spa-Cartcms (spa-cartcms) v1.9.0.6 Checkout Page has a vulnerability in the /checkout processing where manipulating the quantity argument with -10 enforces a behavioral workflow. The issue is remotely triggerable and publicly disclosed. The PT-2024-37404 entry provides concrete details and recomm...

CVE-2024-6128 spa-cartcms Checkout Page checkout behavioral workflow

A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. T...

CVE-2024-27831

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app terminati...

CVE-2024-27831

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a file may lead to unexpected app terminati...

CVE-2024-27831

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app terminati...

About the security content of visionOS 1.2

About the security content of visionOS 1.2 This document describes the security content of visionOS 1.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are availabl...

CVE-2024-24685

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the parsing of commen...

CVE-2024-5385

CVE-2024-5385 affects oretnom23 Online Car Wash Booking System 1.0. A cross-site scripting flaw exists in the /admin/?page=user/list endpoint triggered by manipulating the First Name/Last Name field with a script payload. The issue is exploitable remotely and involves user interaction. Documented...