643 matches found

Positive Technologies
added 2024/12/02 12:0 a.m. · 4 views

PT-2024-35891 · Yahoo · Max Engel Yahoo! Webplayer

Name of the Vulnerable Software and Affected Versions: Max Engel Yahoo! WebPlayer versions n/a through 2.0.6 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge or...

7.1 CVSS · 6.7 AI score · 0.00168 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/12/02 12:0 a.m. · 2 views

PT-2024-35839 · Unknown · April's Call Posts

Name of the Vulnerable Software and Affected Versions: April's Call Posts versions n/a through 2.1.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

7.1 CVSS · 9.3 AI score · 0.00114 EPSS
Exploits 0 · References 3

OSV
added 2024/11/26 9:15 p.m. · 0 views

CVE-2024-11744

A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely...

9.8 CVSS · 5.8 AI score · 0.00053 EPSS
Exploits 1 · References 5

Patchstack
added 2024/11/21 10:46 p.m. · 2 views

WordPress Friendly Functions for Welcart plugin <= 1.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Friendly Functions for Welcart versions <= 1.2.4...

6.1 CVSS · 5.9 AI score · 0.0035 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/11/19 12:0 a.m. · 2 views

PT-2024-34311 · David Garcia · Domain Sharding

Name of the Vulnerable Software and Affected Versions: David Garcia Domain Sharding versions 1.2.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

7.1 CVSS · 6.7 AI score · 0.00144 EPSS
Exploits 0 · References 3

SUSE CVE
added 2024/11/13 3:49 a.m. · 0 views

SUSE CVE-2024-50636

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE)...

9.8 CVSS · 7.7 AI score · 0.06957 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/10/20 12:0 a.m. · 1 views

PT-2024-33476 · Unknown · Edush Maxim Googledrive Folder List

Name of the Vulnerable Software and Affected Versions: Edush Maxim GoogleDrive folder list versions n/a through 2.2.2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list, which allows Stored XSS. This can lead to Stored Cross Site...

7.1 CVSS · 6.8 AI score · 0.0019 EPSS
Exploits 0 · References 8

OSV
added 2024/10/16 12:15 p.m. · 0 views

CVE-2024-10021

A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/managepurchase.php?action=search&tag=VOUCHERNUMBER. The manipulation of the argument text leads to sql injection. The...

9.8 CVSS · 5.8 AI score · 0.00247 EPSS
Exploits 1 · References 5

Positive Technologies
added 2024/10/16 12:0 a.m. · 3 views

PT-2024-39513 · WordPress · Redi Restaurant Reservation

Name of the Vulnerable Software and Affected Versions: ReDi Restaurant Reservation plugin for WordPress versions up to, and including, 24.0902 Description: The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without...

6.1 CVSS · 6.7 AI score · 0.02577 EPSS
Exploits 0 · References 8

Positive Technologies
added 2024/10/16 12:0 a.m. · 6 views

PT-2024-10574

Name of the Vulnerable Software and Affected Versions: MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress versions up to, and including, 3.1.2 Description: The issue is related to Stored Cross-Site Scripting, which occurs due to insufficient input...

7.2 CVSS · 6.2 AI score · 0.03735 EPSS
Exploits 3 · References 9

OSV
added 2024/10/06 10:15 a.m. · 2 views

CVE-2024-47366

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.6...

5.4 CVSS · 5.8 AI score · 0.00177 EPSS
Exploits 0 · References 1

Veracode
added 2024/09/24 6:15 a.m. · 7 views

Arbitrary Code Execution

mautic/core is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation and access control during the execution of the upgrade script, allowing an attacker to execute arbitrary code during the upgrade process...

7.8 CVSS · 7.8 AI score · 0.00296 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2024/09/11 12:0 a.m. · 3 views

PT-2024-20859 · Unknown · 3Dsecure 2.0

Name of the Vulnerable Software and Affected Versions: 3DSecure 2.0 version 3DS Authorization Method Description: The issue concerns multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0. This vulnerability allows reflected XSS via the...

5.5 AI score
Exploits 1 · References 5

Packet Storm
added 2024/09/06 12:0 a.m. · 296 views

C-MOR Video Surveillance 5.2401 Path Traversal

Advisory ID: SYSS-2024-025; Product: C-MOR Video Surveillance; Manufacturer: za-internet GmbH; Affected Versions: 5.2401; Tested Versions: 5.2401; Vulnerability Type: Relative Path Traversal (CWE-23); Risk Level: High; Solution Status: Fixed; Manufacturer Notification: 2024-04-05; Solution Date: 2024-07-31...

7.1 CVSS · 7.1 AI score · 0.0167 EPSS
Exploits 2

CVE
added 2024/09/05 12:0 a.m. · 44 views

CVE-2024-45178

CVE-2024-45178 affects za-internet C-MOR Video Surveillance 5.2401. The issue is path traversal caused by insufficient input validation, enabling an authenticated user to download arbitrary files as user www-data via vulnerable scripts download-bkf.pml (parameter bkf) and show-movies.pml (paramet...

7.1 CVSS · 6.8 AI score · 0.0167 EPSS
Exploits 2 · References 3 · Affected Software 1

CNNVD
added 2024/08/29 12:0 a.m. · 0 views

WordPress plugin Gutenverse Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.5 CVSS · 5.9 AI score · 0.00287 EPSS
Exploits 0 · References 2

OSV
added 2024/08/12 1:38 p.m. · 1 views

CVE-2024-40484

A Reflected Cross Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter...

6.1 CVSS · 6.1 AI score · 0.00453 EPSS
Exploits 1 · References 1

OSV
added 2024/08/01 2:15 a.m. · 2 views

CVE-2024-7335

A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument httphost leads to buffer overflow. It is possible to launch the attack...

8.8 CVSS · 6 AI score · 0.00265 EPSS
Exploits 1 · References 4

CNNVD
added 2024/08/01 12:0 a.m. · 1 views

TOTOLINK EX200 Security Vulnerability

The TOTOLINK EX200 is a 2.4G wireless N range extender designed to extend the coverage of existing Wi-Fi networks. A buffer overflow vulnerability exists in the TOTOLINK EX200. The vulnerability originates from the function loginauth in the /cgi-bin/cstecgi.cgi file, which operates on the paramet...

9 CVSS · 7.3 AI score · 0.00378 EPSS
Exploits 1 · References 5

Positive Technologies
added 2024/07/21 12:0 a.m. · 2 views

PT-2024-27649 · Perials · Perials Simple Social Share

Name of the Vulnerable Software and Affected Versions: Perials Simple Social Share versions n/a through 3.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations...

5.9 CVSS · 5.8 AI score · 0.00093 EPSS
Exploits 0 · References 5