CVE-2024-51941 Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts
A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An...
TOTOLINK A3002R Remote Code Injection Vulnerability
The TOTOLINK A3002R is a wireless dual-band Gigabit router. A remote code injection vulnerability exists in the TOTOLINK A3002R. The vulnerability is due to the ability to execute remote code in /bin/boa via formWsc in the affected version. An attacker can exploit this vulnerability to remotely...
CVE-2024-12900
A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attac...
CVE-2024-12789
A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has...
PT-2024-17739 · Pbootcms · Pbootcms
Name of the Vulnerable Software and Affected Versions: PbootCMS versions up to 3.2.3 Description: A critical issue has been found in PbootCMS, affecting an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possib...
CVE-2023-37940
Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...
The vulnerability of microprogramming software in embedded network control devices of ASPECT Enterprise, NEXUS Series, and MATRIX Series allows for unlimited loading of malicious files, enabling attackers to introduce harmful code into the system.
The vulnerability of microprogramming software in embedded network control devices of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to the unlimited loading of malicious files. Exploiting this vulnerability allows a remote attacker to inject malicious code into the system...
CVE-2024-50387
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service...
CVE-2024-50389
CVE-2024-50389 affects QuRouter and is a SQL injection vulnerability. The issue could allow remote attackers to inject code. A patch fixes the vulnerability starting with QuRouter 2.4.5.032 and later. The public documentation lists high-severity metrics (CVSS 3.1: 9.8; CVSS 4.0: 9.5) and indicate...
CVE-2024-50387 SMB Service
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service...
CVE-2024-8648
An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL...
CVE-2024-51328
Cross-site scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows a remote attacker to inject arbitrary code via the t2 parameter...
CVE-2024-10505
A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2024-10073
A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The...
PT-2024-7333
Name of the Vulnerable Software and Affected Versions: Dell OpenManage Enterprise versions OME 4.1 and prior Description: The issue is related to improper control of code generation, which could allow a remote attacker with low privileges to execute arbitrary code. This is a code injection...
Synology DiskStation Manager Cross-site Scripting (CVE-2015-4655)
Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the compound parameter to entry.cgi. This plugin only works with Tenable.ot. Please visit...
CVE-2024-9324
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack...
CVE-2024-46367
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated...
Webkul Krayin CRM Security Vulnerability
Webkul Krayin CRM is a free and open source CRM solution for small and medium-sized businesses from Webkul India. A security vulnerability exists in Webkul Krayin CRM version 1.3.0, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that allows remote attackers to...
Amazon Linux 2 : python2-setuptools (ALAS-2024-2632)
The version of python2-setuptools installed on the remote host is prior to 41.2.0-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2632 advisory. A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution vi...