CVE-2024-11016 Grand Vice info Webopac - SQL Injection
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
Cisco Unified Communications Manager is a call processing component of a Unified Communications system. A cross-site scripting vulnerability exists in the Cisco Unified Communications Manager web interface, which can be exploited by remote attackers to inject malicious script or HTML code that ca...
Amazon Linux 2 : cups-filters (ALAS-2024-2656)
The version of cups-filters installed on the remote host is prior to 1.0.35-26. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2656 advisory. CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality...
GHSA-6C4V-X9V2-RJM8 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget
Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to (1) change us...
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords, (2)...
Eclipse Jetty DoS Vulnerability (GHSA-r7m4-f9h5-gr79) - Windows
Eclipse Jetty is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:eclipse:jetty";...
Fedora 40 : rust-hyper-rustls / rust-reqwest / rust-rustls-native-certs / etc (2024-bf524bf5c0)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-bf524bf5c0 advisory. - Update the hyper-rustls crate to version 0.27.3. - Update the reqwest crate to version 0.12.8. - Update the rustls-native-certs crate to version 0.8.0 and...
Amazon Linux 2023 : cups-filters, cups-filters-devel, cups-filters-libs (ALAS2023-2024-723)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-723 advisory. 2024-11-13: CVE-2024-47850 was added to this advisory. CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters...
ABB Cylon Aspect 3.07.02 (user.properties) Default Credentials
Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: The ABB BMS/BAS controller uses a weak set of default administrative...
PT-2024-7432 · Draytek · Draytek Vigor310
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor310 devices through 4.3.2.6 Description: The issue is related to shortcomings in the authentication procedure of DrayTek Vigor router software. Exploitation of this issue may allow a remote attacker to impact the confidentiality,...
Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks
Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread...
CVE-2024-9324
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack...
PT-2024-39553 · Sourcecodester · Sourcecodester Online Railway Reservation System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Railway Reservation System version 1.0 Description: A vulnerability was found in the Ticket Handler component, specifically affecting some unknown functionality of the file /?page=tickets. The manipulation of the id...
Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number
In June of 2024 security researchers uncovered a set of vulnerabilities in the Kia dealer portal that allowed them to remotely take over any Kia vehicle built after 2013—and all they needed was a license plate number. According to the researchers: "These attacks could be executed remotely on any...
CVE-2024-47176
CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDR_ANY:631, causing it to trust any packet from any source, and can cause t...
cups-filters -- remote code execution
OpenPrinting reports: Due to the service binding to :631 (INADDR_ANY), multiple bugs in cups-browsed can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine withou...
Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities
Summary: There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 IF3 has addressed the applicable CVEs by upgrading to IBM® Semeru Java™ Version 11.0.24.0. Additionally, IBM Cognos Command Center has addressed a vulnerability th...
Security Bulletin: Vulnerabilities in Logback, Guava and Apache HTTPClient affect IBM watsonx.data
Summary: Logback, Guava and Apache HTTPClient have vulnerabilities that can affect watsonx.data. These vulnerabilities could allow a remote attacker to bypass security restrictions and a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details: CVEID: CVE-2021-42550...
Google Chrome Code Execution Vulnerability (CNVD-2024-39741)
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions prior to Google Chrome 123.0.6312.58, which can be exploited by remote attackers to execute arbitrary code on a system...