5655 matches found
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores relates to the possibility of manipulating cross-site requests. This allows attackers to bypass security restrictions and carry out CSRF attacks.
The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and perform CSRF attacks...
Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks
Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information. A brief description of the two vulnerabilities is below - CVE-2024-20439 CVSS...
CVE-2024-34659
Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers to force the victim to join the group...
ROS-20240902-11
Vulnerability in Mozilla Firefox, Mozilla Firefox ESR and the Mozilla Thunderbird email client is related to too soft memory allocation checks in Angle for GLSL shaders. Exploitation of the vulnerability could allow an attacker acting...
NTP Mode 7 PEER_LIST Denial Of Service Scanner
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module name: 'NTP Mode 7 PEER_LIST DoS Scanner'. Description: This module identifies NTP servers which permit "PEER_LIST" queries and return responses that...
PT-2024-5934 · Totolink · Totolink Ac1200 Wireless Router
Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 Wireless Router A3002RU version V2.1.1-B20230720.1011 Description: The issue concerns a buffer overflow vulnerability related to the formWlEncrypt CGI handler in the boa program. This handler fails to limit the length of the...
CVE-2024-8217
CVE-2024-8217 affects SourceCodester E-Commerce Website 1.0, specifically the /Admin/registration.php file where manipulating the fname parameter enables SQL injection. The vulnerability is exploitable remotely, with public disclosure of exploits. Multiple sources corroborate the issue and identi...
Critical Flaws in Traccar GPS System Expose Users to Remote Attacks
Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized ...
The vulnerability of the firmware in Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters allows attackers to execute arbitrary commands.
The vulnerability of the Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters lies in the failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2024-8155
A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseControllertree of the file /api/system/dept/tree?sort=parentId%2Casc&sort=sort%2Casc. The manipulation of the argument sort...
CVE-2024-42765
A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters...
P&L Technology Limited RE365 Buffer Overflow Vulnerability
RE365 is a WiFi range extender from China's TP-LINK. A buffer overflow vulnerability exists in the RE365 V1180213 version from TP-LINK Technologies Ltd. The vulnerability stems from the lack of length validation of the USERAGENT field in /usr/bin/httpd, which can be exploited by an attacker to cause a...
CVE-2024-42781
A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter...
PT-2024-38416 · Datagear · Datagear
Name of the Vulnerable Software and Affected Versions: DataGear versions up to 5.0.0 Description: A critical issue has been found, affecting the evaluateVariableExpression function of the ConversionSqlParamValueMapper.java file in the Data Schema Page component. This issue leads to improper...
ROS-20240801-03
A vulnerability in the JSSE component of the Java SE software platform and Oracle GraalVM for JDK virtual machine is related to errors in the certificate authentication procedure. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. A vulnerability in the CORBA...
PT-2024-41121 · АО 'Экзософт' · Vmmanager 6
A vulnerability in the VMmanager 6 virtualization tool is related to the failure to protect the structure of SQL queries. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL queries against the database...
SUSE SLES12 Security Update : python-dnspython (SUSE-SU-2024:2605-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2605-1 advisory. - CVE-2023-29483: Fixed an issue that allowed remote attackers to interfere with DNS name resolution bsc1222693. Tenable has extracted the...
CVE-2024-7106
A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/mediafolders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...
kirilkirkov Ecommerce-Laravel-Bootstrap Code Issue Vulnerability
kirilkirkov Ecommerce-Laravel-Bootstrap is a responsive, multi-vendor, multi-language online store platform and shopping cart solution. kirilkirkov Ecommerce-Laravel-Bootstrap suffers from a code issue vulnerability that stems from the fact that manipulation of the parameter laraCart can lead to...
The vulnerability of the SAML single sign-on module in the software for managing identity verification and access control in Keycloak allows an attacker to perform XSS attacks.
The vulnerability of the SAML single sign-on module in the software for managing identity verification and access control in Keycloak exists due to the lack of security measures for the web page structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks remotely...