1746 matches found

CVE
added 2024/11/22 10:19 p.m. · 53 views

CVE-2024-47138

CVE-2024-47138 affects mySCADA myPRO Manager. An unauthenticated remote attacker can access the administrative interface (listening on all interfaces) and exploit a weak command-parameter validation to inject arbitrary OS commands. The associated ICS advisory (CISA ICSA-24-326-07) confirms remote...

CVSS 9.8 · AI score 9.8 · EPSS 0.00751
Exploits 0 · References 1
Positive Technologies
added 2024/11/21 12:0 a.m. · 2 views

PT-2024-8761 · Myscada · Myscada Mypro Manager +1

Name of the Vulnerable Software and Affected Versions: mySCADA myPRO (affected versions not specified); mySCADA myPRO Manager (affected versions not specified). Description: The issue is related to a lack of authentication for a critical function used in the operating system command...

CVSS 9.8 · AI score 7.4 · EPSS 0.00751
Exploits 0 · References 8
OSV
added 2024/11/14 10:15 a.m. · 3 views

CVE-2024-5917

A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible...

CVSS 4.9 · AI score 5.8 · EPSS 0.00481
Exploits 0 · References 1
CNNVD
added 2024/11/14 12:0 a.m. · 3 views

Palo Alto Networks PAN-OS Code Issue Vulnerability

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A code issue vulnerability exists in Palo Alto Networks PAN-OS that stems from a server-side request forgery vulnerability that could allow an unauthenticated attacker to use the...

CVSS 4.9 · AI score 5.3 · EPSS 0.00481
Exploits 0 · References 3
CVE
added 2024/11/13 3:15 p.m. · 48 views

CVE-2024-52306

CVE-2024-52306 affects the Backpack FileManager component used in Laravel Backpack, where deserialization of untrusted data from the mimes parameter can lead to remote code execution. The issue is caused by insecure deserialization prior to version 3.0.9. A fix is available in 3.0.9 and later. Im...

CVSS 9.8 · AI score 7.9 · EPSS 0.00573
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/11/13 12:0 a.m. · 5 views

PT-2024-37239 · Palo Alto Networks · Pan-Os

Name of the Vulnerable Software and Affected Versions: PAN-OS (affected versions not specified). Description: A server-side request forgery in PAN-OS software enables an attacker to use the administrative web interface as a proxy, allowing them to view internal network resources not otherwise...

CVSS 4.9 · AI score 6.6 · EPSS 0.00481
Exploits 0 · References 7
Positive Technologies
added 2024/11/01 12:0 a.m. · 3 views

PT-2024-16432 · Idexpert · Idexpert

Name of the Vulnerable Software and Affected Versions: IDExpert versions up to 2.8. Description: The issue concerns a lack of validation in the administrator interface of IDExpert, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. This can be...

CVSS 7.2 · AI score 8.2 · EPSS 0.00563
Exploits 0 · References 10
Veracode
added 2024/10/29 7:46 a.m. · 10 views

Denial Of Service (DoS)

Aimeos is vulnerable to Denial-of-Service. The vulnerability is due to insufficient handling in the Aimeos GraphQL API admin interface, specifically affecting all SaaS and marketplace setups...

CVSS 5.5 · AI score 6.6 · EPSS 0.00346
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2024/10/28 12:0 a.m. · 2 views

LyLme Spage Security Vulnerability

LyLme Spage (Six Zero navigation page) is an open-source navigation page from China's Six Zero (LyLme). It is dedicated to a simple, efficient, ad-free Internet navigation and search portal, with support for adding links from the back end, customizing the search engine, collecting the most valuable links, no...

CVSS 9.8 · AI score 7.8 · EPSS 0.00549
Exploits 1 · References 1
Vulnrichment
added 2024/10/24 6:54 p.m. · 63 views

CVE-2024-47173 Aimeos GraphQL API admin interface denial of service vulnerability in SaaS and marketplace setups

Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue...

CVSS 5.5 · AI score 6.8 · EPSS 0.00346
Exploits 0 · References 1
CVE
added 2024/10/24 6:54 p.m. · 73 views

CVE-2024-47173

CVE-2024-47173 describes a denial-of-service vulnerability in Aimeos where all SaaS and marketplace deployments using the GraphQL API admin interface (Aimeos) from versions 2024.04 up to 2024.07.1 are affected. The issue arises from improper handling in the GraphQL admin API, leading to an attack...

CVSS 5.5 · AI score 5.4 · EPSS 0.00346
Exploits 0 · References 1
CNNVD
added 2024/10/22 12:0 a.m. · 2 views

Online Complaint Site SQL Injection Vulnerability

Online Complaint Site is an online complaint site for janobe individual developers. A security vulnerability exists in Online Complaint Site version v.1.0, which stems from susceptibility to SQL injection attacks and allows remote attackers to elevate privileges via username and password paramete...

CVSS 9.8 · AI score 8 · EPSS 0.01162
Exploits 0 · References 2
OSV
added 2024/10/01 3:15 p.m. · 5 views

CVE-2024-45967

Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget...

CVSS 4.7 · AI score 5.8
Exploits 0 · References 1
OSV
added 2024/09/25 1:15 a.m. · 2 views

CVE-2023-26688

Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...

CVSS 5.4 · AI score 6 · EPSS 0.00412
Exploits 1 · References 2
ATTACKERKB
added 2024/09/25 1:15 a.m. · 1 views

CVE-2023-26688

Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...

CVSS 5.4 · AI score 6.2 · EPSS 0.00412
Exploits 1 · References 4
Positive Technologies
added 2024/09/24 12:0 a.m. · 4 views

PT-2024-12109 · Unknown · Cs-Cart Multivendor

Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1. Description: A Cross Site Scripting (XSS) issue allows remote attackers to run arbitrary code via the product data parameter of add/edit product in the administration interface. This enables attackers to execu...

CVSS 5.4 · AI score 6.7 · EPSS 0.00412
Exploits 1 · References 5
Packet Storm
added 2024/09/01 12:0 a.m. · 231 views

Dolibarr ERP/CRM Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dolibarr ERP/CRM Login Utility', 'Description' = %q This module attempts to authenticate to a Dolibarr ERP/CRM's admin web interface, and should...

AI score 7.4
Exploits 0
Positive Technologies
added 2024/08/31 12:0 a.m. · 3 views

PT-2024-31262 · Unknown · Online Complaint Site

Name of the Vulnerable Software and Affected Versions: Online Complaint Site version 1.0. Description: The issue allows a remote attacker to escalate privileges via the username and password parameters in the "/admin.index.php" API endpoint. Recommendations: For Online Complaint Site version 1.0,...

CVSS 9.8 · AI score 7.3 · EPSS 0.01162
Exploits 0 · References 6
OSV
added 2024/08/22 5:15 p.m. · 1 views

CVE-2024-42774

An Incorrect Access Control vulnerability was found in /admin/deleteroom.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section...

CVSS 7.5 · AI score 5.8 · EPSS 0.00412
Exploits 1 · References 2
CNNVD
added 2024/08/22 12:0 a.m. · 3 views

Kashipara Hotel Management System Security Vulnerability

Kashipara Hotel Management System is a hotel management system from Kashipara. An access control error vulnerability exists in Kashipara Hotel Management System v1.0, which can be exploited by an unauthenticated attacker to view valid hotel room information in the administrator interface...

CVSS 7.5 · AI score 6.6 · EPSS 0.00484
Exploits 1 · References 3