1746 matches found

Vulnrichment
added 2024/03/19 11:58 a.m. | 10 views

CVE-2024-2632 Information Exposure Vulnerability on Meta4 HR

An Information Exposure Vulnerability has been found on Meta4 HR. This vulnerability allows an attacker to obtain a lot of information about the application such as the variables set in the process, the Tomcat versions, library versions and underlying operating system via HTTP GET...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00078
Exploits: 0 | References: 1

Cvelist
added 2024/03/19 11:58 a.m. | 13 views

CVE-2024-2632 Information Exposure Vulnerability on Meta4 HR

An Information Exposure Vulnerability has been found on Meta4 HR. This vulnerability allows an attacker to obtain a lot of information about the application such as the variables set in the process, the Tomcat versions, library versions and underlying operating system via HTTP GET...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00078
Exploits: 0 | References: 1

Exploit DB
added 2024/03/18 12:0 a.m. | 296 views

TELSAT marKoni FM Transmitter 1.9.5 - Root Command Injection

!/usr/bin/env python TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection PoC Exploit Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters...

AI score: 7.4
Exploits: 0

Prion
added 2024/03/14 10:53 p.m. | 57 views

Design/Logic Flaw

RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker ca...

AI score: 6.9 | EPSS: 0.01376
Exploits: 1 | References: 6 | Affected Software: 1

Veracode
added 2024/03/11 8:8 a.m. | 14 views

Server-Side Request Forgery (SSRF)

RSSHub is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to SSRF vulnerabilities in RSSHub, enabling remote attackers to utilize the server as a proxy for sending HTTP GET requests to arbitrary targets. This could result in retrieving information from the internal networ...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.01376
Exploits: 1

Prion
added 2024/03/09 2:15 p.m. | 17 views

SQL injection

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/managecategory.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00107
Exploits: 1 | References: 3

Cvelist
added 2024/03/09 2:0 p.m. | 13 views

CVE-2024-2332 SourceCodester Online Mobile Management Store HTTP GET Request manage_category.php sql injection

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/managecategory.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.00107
Exploits: 1 | References: 3

Vulnrichment
added 2024/03/09 2:0 p.m. | 13 views

CVE-2024-2332 SourceCodester Online Mobile Management Store HTTP GET Request manage_category.php sql injection

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/managecategory.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.00107
Exploits: 1 | References: 3

Cvelist
added 2024/03/06 8:42 p.m. | 20 views

CVE-2024-27927 RSSHub vulnerable to SSRF in /mastodon, /zjoi, and /m4

RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker ca...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01376
Exploits: 1 | References: 6

Github Security Blog
added 2024/03/06 5:3 p.m. | 28 views

RSSHub vulnerable to Server-Side Request Forgery

Summary: Several Server-Side Request Forgery (SSRF) vulnerabilities in RSSHub allow remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. Details...

CVSS: 6.5 | AI score: 7 | EPSS: 0.01376
Exploits: 1 | References: 8 | Affected Software: 1

0day.today
added 2024/02/13 12:0 a.m. | 322 views

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Denial Of Service Exploit

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 doreboot Remote Denial Of Service Vendor: Video Medios, S.A. VIMESA Product web page: https://www.vimesa.es Affected version: img:v9.7.1 Html:v2.4 RS485:v2.5 Summary: The transmitter Blue Plus is designed with all the latest technologies, such as high...

AI score: 7.4
Exploits: 0

0day.today
added 2024/02/12 12:0 a.m. | 372 views

WyreStorm Apollo VX20 Credential Disclosure Vulnerability

WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

CVSS: 9.1 | AI score: 6.5 | EPSS: 0.90358
Exploits: 4

Packet Storm
added 2024/02/12 12:0 a.m. | 327 views

WyreStorm Apollo VX20 Incorrect Access Control

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20INCORRECTACCESSCONTROLDOSCVE-2024-25736.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20 1.3.58 Vulnerability...

AI score: 7.4 | EPSS: 0.09145
Exploits: 4

Prion
added 2024/02/02 11:15 p.m. | 13 views

SQL injection

A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00048
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/02/02 10:31 p.m. | 5 views

CVE-2024-1197 SourceCodester Testimonial Page Manager HTTP GET Request delete-testimonial.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql...

CVSS: 7.5 | AI score: 9.9 | EPSS: 0.00048
Exploits: 0 | References: 2

Cvelist
added 2024/02/02 10:31 p.m. | 13 views

CVE-2024-1197 SourceCodester Testimonial Page Manager HTTP GET Request delete-testimonial.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql...

CVSS: 7.5 | AI score: 10 | EPSS: 0.00048
Exploits: 0 | References: 2

OSV
added 2024/01/31 3:12 p.m. | 14 views

BIT-CANVASLMS-2020-5775

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains...

CVSS: 5.8 | AI score: 5.7 | EPSS: 0.65827
Exploits: 1 | References: 1

0day.today
added 2024/01/31 12:0 a.m. | 277 views

TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection Exploit

TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to...

AI score: 8.9
Exploits: 0

NVD
added 2024/01/25 9:15 p.m. | 10 views

CVE-2024-0885

A vulnerability classified as problematic has been found in SpyCamLizard 1.230. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.00128
Exploits: 1 | References: 3

Prion
added 2024/01/25 9:15 p.m. | 17 views

Design/Logic Flaw

A vulnerability classified as problematic has been found in SpyCamLizard 1.230. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

CVSS: 5 | AI score: 7.1 | EPSS: 0.00128
Exploits: 1 | References: 3 | Affected Software: 1