Lucene search

5315 matches found

OSV
added 2024/08/12 9:15 p.m. · 2 views

CVE-2024-7704

A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to launch the attack...

7.5 CVSS · 4.8 AI score
Exploits 0 · References 4

Vulnrichment
added 2024/08/12 8:31 p.m. · 10 views

CVE-2024-7704 Weaver e-cology Source Code ecology_dev.zip information disclosure

A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to launch the attack...

6.9 CVSS · 6.5 AI score · 0.00353 EPSS
Exploits 1 · References 4

CVE
added 2024/08/12 8:31 p.m. · 44 views

CVE-2024-7704

Weaver e-cology 8 is affected in the Source Code Handler component, via an issue in the file /cloudstore/ecode/setup/ecology_dev.zip. The vulnerability enables information disclosure and can be exploited remotely; exploitation has been disclosed publicly. The available connected docs do not speci...

7.5 CVSS · 5.2 AI score · 0.00353 EPSS
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2024/08/12 8:31 p.m. · 13 views

CVE-2024-7704 Weaver e-cology Source Code ecology_dev.zip information disclosure

A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to launch the attack...

6.9 CVSS · 0.00353 EPSS
Exploits 1 · References 4

Positive Technologies
added 2024/08/12 12:00 a.m. · 1 view

PT-2024-38524 · Unknown · Weaver E-Cology

Name of the Vulnerable Software and Affected Versions: Weaver e-cology version 8. Description: A vulnerability was found in the Source Code Handler component of Weaver e-cology, affecting an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip. This issue leads to information...

7.5 CVSS · 5.5 AI score · 0.00353 EPSS
Exploits 1 · References 8

Packet Storm
added 2024/08/12 12:00 a.m. · 257 views

Courier Management System 2020-1.0 SQL Injection

Titles: courier-management-system-2020-1.0 Multiple-SQLi Author: nu11secur1ty Date: 08/12/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/14611/courier-management-system-using-phpmysqli-source-code.htmlcomment-105424 Reference:...

7.4 AI score
Exploits 0

OSV
added 2024/08/07 7:33 p.m. · 1 view

CLSA-2024-1723059198 httpd: Fix of 3 CVEs

CVE-2024-39884: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-38476 fix. - CVE-2024-40725: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-39884 fix...

9.8 CVSS · 7 AI score · 0.25097 EPSS
Exploits 3 · References 1

FreeBSD Advisory
added 2024/08/07 12:00 a.m. · 17 views

FreeBSD-SA-24:07.nfsclient

FreeBSD-SA-24:07.nfsclient Security Advisory | The FreeBSD Project | Topic: NFS client accepts file names containing path separators | Category: core | Module: NFS client...

5.3 CVSS · 5.9 AI score · 0.00272 EPSS
Exploits 0

FreeBSD Advisory
added 2024/08/07 12:00 a.m. · 17 views

FreeBSD-SA-24:06.ktrace

FreeBSD-SA-24:06.ktrace Security Advisory | The FreeBSD Project | Topic: ktrace2 fails to detach when executing a setuid binary | Category: core | Module: ktrace | Announced:...

7.5 CVSS · 5.9 AI score · 0.00249 EPSS
Exploits 0

Packet Storm
added 2024/08/07 12:00 a.m. · 264 views

E-Commerce Site Using PHP PDO 1.0 Directory Traversal

Title: E-Commerce Site using PHP PDO v1.0 Directory traversal Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla...

7.4 AI score
Exploits 0

F5 Networks
added 2024/08/05 8:45 a.m. · 37 views

K000140579: Apache vulnerability CVE-2024-39884

Security Advisory Description A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of...

6.2 CVSS · 6.4 AI score · 0.00246 EPSS
Exploits 0

Packet Storm
added 2024/08/05 12:00 a.m. · 227 views

Blog Site 1.0 SQL Injection

Title: Blog Site 1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits |...

7.4 AI score
Exploits 0

Packet Storm
added 2024/08/02 12:00 a.m. · 369 views

Leads Manager Tool SQL Injection / Cross Site Scripting

Title: Leads Manager Tool SQL & XSSstored Vulnerabilities | Software: Leads Manager Tool Using PHP and MySQL with Source Code | Create By :...

7.4 AI score
Exploits 0

Positive Technologies
added 2024/07/31 12:00 a.m. · 4 views

PT-2024-07: Reading arbitrary files via API in PT Application Inspector (PT AI)

The vulnerability was identified in PT AI affecting versions 4.3.1 to 4.7.2. The vulnerability can be exploited by an attacker with network access to the PT AI control server to read source code files of other users' projects. The vulnerability can be exploited for privilege escalation...

8.4 CVSS · 7.4 AI score
Exploits 0 · References 1

IBM Security Bulletins
added 2024/07/29 2:36 p.m. · 99 views

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server (CVE-2024-40898, CVE-2024-40725)

Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2024-40898 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error...

9.1 CVSS · 7.1 AI score · 0.25097 EPSS
Exploits 5 · Affected Software 1

Tenable Nessus
added 2024/07/27 12:00 a.m. · 41 views

CBL Mariner 2.0 Security Update: httpd (CVE-2024-40725)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40725 advisory. - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy...

6.2 CVSS · 7 AI score · 0.25097 EPSS
Exploits 3 · References 2

Microsoft CVE
added 2024/07/26 7:00 a.m. · 5 views

Apache HTTP Server: source code disclosure with handlers configured via AddType

...

5.3 CVSS · 6.9 AI score · 0.25097 EPSS
Exploits 3

CNVD
added 2024/07/22 12:00 a.m. · 13 views

Apache HTTP Server Information Disclosure Vulnerability (CNVD-2024-33815)

Apache HTTP Server is an open source web server of the Apache Foundation in the United States. The server is fast, reliable and can be expanded through a simple API. An information disclosure vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause source code...

5.3 CVSS · 6.2 AI score · 0.25097 EPSS
Exploits 3 · References 1

OSV
added 2024/07/20 9:22 p.m. · 36 views

MGASA-2024-0272 Updated apache packages fix security vulnerabilities

CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...

9.1 CVSS · 6.8 AI score · 0.25097 EPSS
Exploits 5 · References 3

Mageia
added 2024/07/20 9:22 p.m. · 58 views

Updated apache packages fix security vulnerabilities

CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows cve.mitre.org SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...

9.1 CVSS · 7.1 AI score · 0.25097 EPSS
Exploits 5 · References 2