287 matches found
Warehouse Inventory System Cross-Site Request Forgery Vulnerability (CNVD-2024-38211)
Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System version v2.0, which stems from a failure of the categorie.php component to adequately validate whether a reques...
GHSA-Q83V-HQ3J-4PQ3 Duplicate Advisory: Improper access control in Directus
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3fff-gqw3-vj86. This link is maintained to preserve external references. Original Description Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them...
Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue...
Code Injection
Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...
Code Injection
Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...
CVE-2024-5942
CVE-2024-5942 affects the WordPress Page and Post Clone plugin. The issue is an Insecure Direct Object Reference in the content_clone function due to missing validation on a user-controlled key, enabling authenticated attackers with Author+ access to clone and read private posts. Technical detail...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol UpdateFirmware Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the location parameter of the...
[SECURITY] [DSA 5717-1] php8.2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5717-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 20, 2024 https://www.debian.org/security/faq -...
Debian dsa-5717 : libapache2-mod-php8.2 - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5717 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5717-1 [email protected] https://www.debian.org/security/ Moritz...
CVE-2024-20405
CVE-2024-20405 affects Cisco Finesse, specifically the web-based management interface. The flaw arises from insufficient input validation for HTTP requests, enabling an unauthenticated, remote attacker to perform a stored XSS by exploiting a remote file inclusion (RFI) vulnerability. A crafted li...
USN-6785-1 gnome-remote-desktop vulnerability
Matthias Gerstner discovered that GNOME Remote Desktop incorrectly performed certain user validation checks. A local attacker could possibly use this issue to obtain sensitive information, or take control of remote desktop connections...
USN-6785-1: GNOME Remote Desktop vulnerability
Matthias Gerstner discovered that GNOME Remote Desktop incorrectly performed certain user validation checks. A local attacker could possibly use this issue to obtain sensitive information, or take control of remote desktop connections...
Ubuntu 24.04 LTS : GNOME Remote Desktop vulnerability (USN-6785-1)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6785-1 advisory. Matthias Gerstner discovered that GNOME Remote Desktop incorrectly performed certain user validation checks. A local attacker could possibly use this issue to...
LAquis SCADA LGX Report TextFile Open Path Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of...
CVE-2023-34276
CVE-2023-34276 affects D-Link DIR-2150 routers. The vulnerability is a command-injection in the SOAP API interface listening on TCP port 80, caused by improper validation of a user-supplied string before it is used in a system call. This allows an attacker with network access to execute code with...
WordPress LifterLMS plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
djangorestframework-simplejwt 5.3.1 - Information Disclosure Exploit
Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...
Django REST Framework SimpleJWT 5.3.1 Information Disclosure
Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...
djangorestframework-simplejwt 5.3.1 - Information Disclosure
Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...
WordPress Plugin LifterLMS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...