CUPS IPP Attributes LAN Remote Code Execution

class MetasploitModule Msf::Exploit::Remote Rank = NormalRanking include Exploit::Remote::DNS::Common include Exploit::Remote::SocketServer include Msf::Exploit::Remote::HttpServer::HTML Accessor for IPP HTTP service attraccessor :service2 MULTICASTADDR = '224.0.0.251' Define IPP constants module...

CVE-2024-50849

A Stored Cross-Site Scripting XSS vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code...

CVE-2024-1240

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVE-2024-1240

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

PYSEC-2024-123

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVE-2024-1240 Open Redirection in pyload/pyload

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVE-2024-1240 Open Redirection in pyload/pyload

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVE-2024-1240

The CVE-2024-1240 entry applies to pyload/pyload 0.5.0, where the login flow mishandles the next parameter, enabling an open redirect to attacker-controlled sites (phishing risk). The issue is mitigated by upgrading to pyload-ng 0.5.0b3.dev79 or later. Connected documents confirm the vulnerable c...

CVE-2024-48974

The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This...

CVE-2024-48974 Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates

The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This...

CVE-2024-11127

A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploi...

CVE-2024-50557

CVE-2024-50557 affects Siemens SCALANCE M-800 family, RUGGEDCOM RM1224 LTE, and related devices. The issue is due to insufficient input validation in the configuration fields of the iperf functionality, allowing an unauthenticated remote attacker to execute arbitrary code on affected devices. Aff...

Citrix Systems NetScaler Gateway和NetScaler ADC 安全漏洞

Citrix Systems NetScaler Gateway Citrix Systems Gateway and Citrix Systems NetScaler ADC are both products of Citrix Systems, Inc.Citrix Systems NetScaler Gateway is a secure remote access solution. The solution provides administrators with application-level and data-level controls to enable user...

CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

CVE-2024-52286 Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

CVE-2024-45088

CVE-2024-45088 affects IBM Maximo Asset Management 7.6.1.3 and is a stored cross-site scripting vulnerability. According to IBM and Red Hat sources, authenticated users can inject arbitrary JavaScript into the Maximo Web UI, potentially altering functionality and leading to credentials disclosure...

PT-2024-35152 · Unknown · Stirling-Pdf

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 0.32.0 Description: The issue in Stirling-PDF allows any unauthenticated user to execute JavaScript code in the context of the user due to the Merge functionality taking untrusted user input file name and using ...

CVE-2024-10988

The CVE-2024-10988 entry affects code-projects E-Health Care System v1.0, where the vulnerability lies in the file /Doctor/doctor_login.php. The root cause is improper handling of the email parameter, enabling SQL injection that can be triggered remotely and may affect multiple parameters. Severa...

CVE-2024-44765

An Improper Authorization Access Control Misconfiguration vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality...