2159 matches found

Vulnrichment
added 2024/10/23 3:16 p.m. · 12 views

CVE-2024-49690 WordPress Qi Blocks plugin <= 1.3.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qi Blocks qi-blocks. This issue affects Qi Blocks: from n/a through <= 1.3.2...

CVSS 7.5 · AI score 5.9 · EPSS 0.00543
Exploits: 0 · References: 1

Positive Technologies
added 2024/10/23 12:0 a.m. · 2 views

PT-2024-33643 · Qode Interactive · Qi Blocks

Name of the Vulnerable Software and Affected Versions: Qode Interactive Qi Blocks versions 1.3.2 and earlier. Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This is a type of vulnerabilit...

CVSS 7.5 · AI score 7.3 · EPSS 0.00543
Exploits: 0 · References: 3

Information Security Automation
added 2024/10/22 11:44 a.m. · 23 views

The severity of the Elevation of Privilege – Microsoft Streaming Service (CVE-2024-30090) vulnerability has increased

The severity of the Elevation of Privilege - Microsoft Streaming Service CVE-2024-30090 vulnerability has increased. The vulnerability was fixed as part of the June Microsoft Patch Tuesday. At that time, no one highlighted this vulnerability. The vulnerability was discovered by a researcher with...

CVSS 7 · AI score 6.6 · EPSS 0.01965
Exploits: 1

Patchstack
added 2024/10/22 12:0 a.m. · 13 views

WordPress Qi Addons For Elementor Plugin <= 1.8.0 is vulnerable to Sensitive Data Exposure

Software: Qi Addons For Elementor; Type: Plugin; Vulnerable versions: <= 1.8.0; Fixed in: 1.8.1; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-9530; Patch priority: Low; CVSS severity: Low 4.3; Developer: Qode Interactive; PSID: 6f7683e106bb; Credits: Ankit Patel...

CVSS 4.3 · AI score 6.5 · EPSS 0.0039
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2024/10/21 12:0 a.m. · 10 views

WordPress Qi Blocks Plugin <= 1.3.2 is vulnerable to Local File Inclusion

Software: Qi Blocks; Type: Plugin; Vulnerable versions: <= 1.3.2; Fixed in: 1.3.3; OWASP Top 10: A1: Broken Access Control; Classification: Local File Inclusion; CVE: CVE-2024-49690; Patch priority: Low; CVSS severity: Low 7.5; Developer: Qode Interactive; PSID: a68a3ddba7fc; Credits: João Pedro S Alcântara Kinorth...

CVSS 7.5 · AI score 7.6 · EPSS 0.00543
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2024/10/10 9:57 a.m. · 13 views

CVE-2024-45131 Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on...

CVSS 5.4 · EPSS 0.0044
Exploits: 0 · References: 1

GithubExploit
added 2024/10/08 10:4 a.m. · 337 views

Exploit for Command Injection in Avtech Avm1203_Firmware

EN GenAvTechRCEExploit A PoC exploit for the CVE-2024-7029...

CVSS 9.8 · AI score 9.8 · EPSS 0.38998
Exploits: 5

OSV
added 2024/10/03 8:2 a.m. · 5 views

MAL-2024-9079 Malicious code in interactive-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eca3bcc821732a02b79cfd930582365b504c50377f31d23b6f2320ebb784914a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1

Fedora
added 2024/09/22 2:21 a.m. · 23 views

[SECURITY] Fedora 40 Update: python-notebook-7.2.2-1.fc40

The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...

CVSS 7.6 · AI score 7.6 · EPSS 0.00373
Exploits: 0

Fedora
added 2024/09/22 12:15 a.m. · 15 views

[SECURITY] Fedora 41 Update: python-notebook-7.2.2-1.fc41

The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...

CVSS 7.6 · AI score 7.6 · EPSS 0.00373
Exploits: 0

Tenable Nessus
added 2024/09/20 12:0 a.m. · 20 views

Fedora 40 : python3.8 (2024-6dedbc5cf9)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6dedbc5cf9 advisory. This is a security release of Python 3.11. Note: The release you're looking at is Python 3.11.10, a securit...

CVSS 9.8 · AI score 7.2 · EPSS 0.02507
Exploits: 5 · References: 12

GithubExploit
added 2024/09/08 8:56 a.m. · 284 views

Exploit for Command Injection in Telesquare Tlr-2005Ksh_Firmware

🚀 CVE-2024-29269 Exploit This repository contains an exploit...

CVSS 8.8 · AI score 7.7 · EPSS 0.05896
Exploits: 8

GithubExploit
added 2024/09/06 6:17 p.m. · 799 views

Exploit for Reliance on File Name or Extension of Externally-Supplied File in Spip

😈 SPIP BigUp Unauthenticated RCE Exploit 😈 📜 Description...

CVSS 9.8 · AI score 10 · EPSS 0.94618
Exploits: 7

CVE
added 2024/08/29 3:30 a.m. · 55 views

CVE-2024-5857

CVE-2024-5857 affects Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free (WordPress). A missing capability check on the af2_handel_file_remove AJAX action in all versions up to 3.7.3.2 allows unauthenticated attackers to delete arbitrary media files. C...

CVSS 5.3 · AI score 5.6 · EPSS 0.00317
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2024/08/29 3:30 a.m. · 29 views

CVE-2024-5857 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2_handel_file_remove AJAX action in all versions up to, and including, 3.7.3.2. This makes it...

CVSS 5.3 · EPSS 0.00317
Exploits: 0 · References: 2

OSV
added 2024/08/25 10:15 p.m. · 3 views

CVE-2024-8151

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack...

CVSS 5.4 · AI score 3.8
Exploits: 0 · References: 5

NVD
added 2024/08/25 10:15 p.m. · 24 views

CVE-2024-8151

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack...

CVSS 5.4 · EPSS 0.00491
Exploits: 1 · References: 5

Cvelist
added 2024/08/25 10:0 p.m. · 26 views

CVE-2024-8151 SourceCodester Interactive Map with Marker delete-mark.php cross site scripting

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack...

CVSS 5.3 · EPSS 0.00491
Exploits: 1 · References: 5

CVE
added 2024/08/25 10:0 p.m. · 49 views

CVE-2024-8151

CVE-2024-8151 affects SourceCodester Interactive Map with Marker 1.0. The vulnerability is a cross-site scripting in the mark parameter of /endpoint/delete-mark.php, exploitable remotely. Root cause is input manipulation of mark leading to XSS. Exploitation details are disclosed publicly in relat...

CVSS 5.4 · AI score 3.8 · EPSS 0.00491
Exploits: 1 · References: 5 · Affected Software: 1

Vulnrichment
added 2024/08/25 10:0 p.m. · 12 views

CVE-2024-8151 SourceCodester Interactive Map with Marker delete-mark.php cross site scripting

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack...

CVSS 5.3 · AI score 6.2 · EPSS 0.00491
Exploits: 1 · References: 5