Lucene search

1746 matches found

CVE
added 2024/11/06 3:0 p.m., 58 views

CVE-2024-10916

CVE-2024-10916 affects D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. The issue resides in the HTTP GET Request Handler’s /xml/info.xml, where an improper handling allows remote information disclosure. Public exploit information exists, enabling remote initiation without user int...

6.9 CVSS, 5.1 AI score, 0.01061 EPSS
Exploits: 1, References: 5, Affected Software: 1
CNVD
added 2024/11/05 12:0 a.m., 10 views

Unspecified Vulnerability in IBM TXSeries for Multiplatforms (CNVD-2024-43182)

IBM TXSeries for Multiplatforms is a transaction monitoring and management software product from International Business Machines (IBM) designed to support distributed transaction processing on multiple platforms. A security vulnerability exists in IBM TXSeries for Multiplatforms version 10.1, which...

5.9 CVSS, 6.1 AI score, 0.00112 EPSS
Exploits: 0, References: 1
NVD
added 2024/11/04 7:15 p.m., 31 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

6.8 CVSS, 0.00056 EPSS
Exploits: 1, References: 2
NVD
added 2024/11/04 7:15 p.m., 16 views

CVE-2024-34885

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request...

6.8 CVSS, 0.00098 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2024/11/04 12:0 a.m., 9 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

6.9 AI score, 0.00056 EPSS
Exploits: 1, References: 2
Cvelist
added 2024/11/04 12:0 a.m., 16 views

CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request...

0.0014 EPSS
Exploits: 0, References: 2
CVE
added 2024/11/04 12:0 a.m., 65 views

CVE-2024-34885

The CVE-2024-34885 entry concerns Bitrix24 (1C-Bitrix Bitrix24) version 23.300.100, where credentials in SMTP server settings are insufficiently protected. The underlying issue allows remote administrators to read SMTP account passwords via an HTTP GET request. The vulnerability impacts confident...

6.8 CVSS, 6.6 AI score, 0.00098 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2024/11/04 12:0 a.m., 14 views

CVE-2024-34885

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request...

0.00098 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2024/11/04 12:0 a.m., 9 views

CVE-2024-34885

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request...

6.9 AI score, 0.00098 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2024/11/04 12:0 a.m., 11 views

CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request...

6.9 AI score, 0.0014 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2024/10/27 12:0 a.m., 8 views

Fortinet FortiWeb xss (FG-IR-21-122)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-122 advisory. - An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and...

6.1 CVSS, 6.5 AI score, 0.0077 EPSS
Exploits: 0, References: 2
NVD
added 2024/10/24 5:15 p.m., 4 views

CVE-2024-9692

VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Service (DoS) vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint 'doreboot' and restart the transmitter operations...

6.9 CVSS, 0.00374 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2024/10/24 4:20 p.m., 12 views

CVE-2024-9692 Improper Access Control in Input in VIMESA VHF/FM Transmitter Blue Plus

VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Service (DoS) vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint 'doreboot' and restart the transmitter operations...

6.9 CVSS, 7 AI score, 0.00374 EPSS
Exploits: 1, References: 1
Cvelist
added 2024/10/24 4:20 p.m., 13 views

CVE-2024-9692 Improper Access Control in Input in VIMESA VHF/FM Transmitter Blue Plus

VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Service (DoS) vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint 'doreboot' and restart the transmitter operations...

6.9 CVSS, 0.00374 EPSS
Exploits: 1, References: 1
Veracode
added 2024/10/10 3:12 a.m., 7 views

Server Side Request Forgery (SSRF)

phpoffice/phpspreadsheet is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the ability of an attacker to construct an XLSX file that links images from arbitrary paths, which allows for embedding those files as data: URLs and performing unauthorized HTTP GET requests...

8.8 CVSS, 6.8 AI score, 0.0089 EPSS
Exploits: 1, References: 5, Affected Software: 1
Packet Storm
added 2024/09/18 12:0 a.m., 409 views

Backdoor.Win32.Delf.yj MVID-2024-0693 Information Disclosure

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024; Original source: https://malvuln.com/advisory/f991c25f1f601cc8d14dca4737415238.txt ; Contact: [email protected]; Media: x.com/malvuln; Threat: Backdoor.Win32.Delf.yj; Vulnerability: Information Disclosure; Description: The malware listens on...

7.4 AI score
Exploits: 0
CVE
added 2024/09/10 2:37 p.m., 58 views

CVE-2024-31490

CVE-2024-31490 affects Fortinet FortiSandbox products (FortiSandbox 4.4.0–4.4.4; 4.2.1–4.2.6; 4.0 all versions; 3.2.2–3.2.4; 3.1.5). The issue is an information disclosure via HTTP GET requests, enabling an attacker to access sensitive information. The connected documents confirm the affected ver...

6.5 CVSS, 5.8 AI score, 0.00676 EPSS
Exploits: 0, References: 1, Affected Software: 1
SUSE CVE
added 2024/09/10 4:31 a.m., 5 views

SUSE CVE-2019-11072

DISPUTED: lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in...

9.8 CVSS, 7.6 AI score, 0.12083 EPSS
Exploits: 1, References: 3
Cvelist
added 2024/09/02 12:0 a.m., 17 views

CVE-2024-45623

D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by t...

0.0118 EPSS
Exploits: 0, References: 1
Metasploit
added 2024/08/23 6:52 p.m., 305 views

Ray cpu_profile command injection

Ray RCE via cpuprofile command injection vulnerability. Module Options msf use exploit/linux/http/raycpuprofilecmdinjectioncve20236019 msf exploitraycpuprofilecmdinjectioncve20236019 show targets ...targets... msf exploitraycpuprofilecmdinjectioncve20236019 set TARGET msf...

9.8 CVSS, 7.9 AI score, 0.88771 EPSS
Exploits10