186 matches found
PT-2024-28370 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "/admin/userSys deal.php?mudi=infoSet". This allows for potential unauthorized actions on the affected system. Recommendations: For idccm...
PT-2024-34002 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2023.1.3 Description: A path traversal issue exists, allowing information disclosure through a specially crafted unauthenticated HTTP request to the AppProfileImport endpoint. Recommendations: For versions prior...
PT-2024-37404 · Unknown · Spa-Cartcms
Name of the Vulnerable Software and Affected Versions: spa-cartcms version 1.9.0.6 Description: A problematic issue has been found in the Checkout Page component, affecting the processing of the file /checkout. The manipulation of the quantity argument with the input -10 leads to enforcement of...
PT-2024-4825 · Jetbrains · Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.2.34646 Description: The issue is related to insufficient protection of registration data in the Access Token Handler component. This could allow a remote attacker to gain unauthorized access to...
PT-2024-27466 · WordPress · Cooked Pro
Name of the Vulnerable Software and Affected Versions: The Cooked Pro recipe plugin for WordPress versions up to, and including, 1.7.15.4 Description: The issue is related to Persistent Cross-Site Scripting XSS via the recipe settingspost title parameter due to insufficient input sanitization and...
PT-2024-22759 · Djl · Djl
Name of the Vulnerable Software and Affected Versions: djl version 0.26.0 Description: A TarSlip vulnerability exists in the djl library, allowing an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. This could lead to remote code execution,...
PT-2024-27138 · Trendnet · Tew-827Dru
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-827DRU versions 2.06B04 and earlier Description: The issue is a stack-based buffer overflow in the ssi binary, allowing an authenticated user to execute arbitrary code. This can be achieved by sending a POST request to "apply.cgi...
PT-2024-26458 · Unknown · Diño Physics School Assistant
Name of the Vulnerable Software and Affected Versions: Diño Physics School Assistant version 2.3 Description: A vulnerability has been discovered that impacts an unidentified code within the file /classes/Master.php?f=view item. Manipulating the argument id can result in SQL injection...
PT-2024-4750 · Splunk · Splunk Cloud Platform +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Splunk Cloud Platform versions prior to 9.1.2312.200 Splunk Cloud Platform versions prior to 9.1.2308.207...
PT-2024-3973
Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX OSS affected versions not specified Description The issue is related to the HTTP/3 QUIC module in NGINX Plus and NGINX OSS. It involves undisclosed HTTP/3 encoder instructions that can cause NGI...
PT-2024-35105 · WordPress · Html5 Video Player
Name of the Vulnerable Software and Affected Versions: Videojs HTML5 Player plugin for WordPress versions up to, and including, 1.1.11 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's videojs video shortcode. This...
PT-2024-9211 · Sonatype · Sonatype Nexus Repository
Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository 2 versions up to and including 2.15.1 Description: A Remote Code Execution issue has been discovered, related to incorrect code generation management. This allows a remote attacker to execute arbitrary code by...
PT-2024-26321 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "/homePro deal.php" with parameters mudi and nohrefStr. This allows for unauthorized requests to be made. Recommendations: For idccms...
PT-2024-25125 · Roothub · Roothub
Name of the Vulnerable Software and Affected Versions: Roothub version 2.6 Description: A SQL injection issue was discovered via the nodeTitle parameter in the parentNode function. This allows for potential exploitation. Recommendations: For Roothub version 2.6, as a temporary workaround, conside...
PT-2024-31444 · Unknown · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A vulnerability was found in the system, classified as problematic. It affects some unknown functionality of the file /view/timetable.php. The manipulation of the...
PT-2024-4001 · Portainer +1 · Portainer +1
Name of the Vulnerable Software and Affected Versions: Portainer versions prior to 2.20.0 Description: The issue is related to the use of open redirects in the Portainer container management platform. This could allow an attacker to redirect a user to an arbitrary site. The problem is associated...
PT-2024-26384
Name of the Vulnerable Software and Affected Versions Campcodes Online Event Management System version 1.0 Description A critical issue has been discovered, affecting the /api/process.php file. The manipulation of the userId argument leads to sql injection, allowing remote attacks. The issue has...
PT-2024-24216 · Totolink · Totolink Ex200
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: A remote code execution RCE issue was discovered, which can be exploited via the webWlanIdx parameter in the setWebWlanIdx function. Recommendations: For TOTOLINK EX200 version...
PT-2024-23648 · Netentsec · Netentsec Ns-Asg
Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3 Description: The issue is related to SQL Injection, which can be exploited via the "/admin/address interpret.php" API endpoint. There is no information provided about the estimated number of potentially affected...
PT-2024-22365 · Unknown · Lakernote Easyadmin
Name of the Vulnerable Software and Affected Versions: lakernote EasyAdmin up to 20240315 Description: A critical vulnerability has been found in lakernote EasyAdmin. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the file argument leads to path...