2475 matches found
PT-2025-39834
Name of the Vulnerable Software and Affected Versions: VMware Aria Operations and VMware Tools versions prior to fixes available since October 2024; open-vm-tools versions prior to 2:11.3.0-2ubuntu0ubuntu20.04.8+esm1; VMware Cloud Foundation 4.x and 5.x, 9.xxx, 13.xxx; vSphere Foundation 9.xxx, 13.xx...
1000 Projects Attendance Tracking Management System Security Vulnerability
1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. A security vulnerability exists in 1000 Projects Attendance Tracking Management System version 1.0, which stems from an incorrect operation of the parameter adminusername that...
PT-2024-17791 · Evoko · Evoko Home
Name of the Vulnerable Software and Affected Versions: Evoko Home versions 2.4.2 through 2.7.4 Description: The issue is related to incorrect default permissions in Evoko Home, allowing a non-admin user to exploit weak file and folder permissions and potentially escalate privileges, execute...
emlog Code Injection Vulnerability
emlog is a PHP and MySQL based CMS site-building system from the individual developer emlog. A code injection vulnerability exists in emlog 2.4.1 and previous versions; the vulnerability stems from the manipulation of the keyword parameter in the /admin/user.php file leading to cross-site scripting attacks...
CVE-2024-37774
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens...
Complaint Management System user-search.php File SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from an incorrect manipulation of the parameter search in the file /admin/user-search.php that can lead to SQL injection. No details of the vulnerability...
CVE-2024-10637 Kadence Blocks < 3.2.54 - Admin+ Stored XSS
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2024-10517 ProfilePress < 4.15.15 - Admin+ Stored XSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti...
1000 Projects Attendance Tracking Management System Injection Vulnerability
1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Attendance Tracking Management System version 1.0, which originates from the parameter adminusername in the file...
CVE-2024-10551 Sticky Social Icons <= 1.2.1 - Admin+ Stored XSS
The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-12228
A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Affected is an unknown function of the file /admin/user-search.php. The manipulation of the argument search leads to SQL injection. It is possible to launch the attack remotely. The exploit has be...
PHPGurukul Complaint Management System Security Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from an incorrect manipulation of the parameter search in the file /admin/user-search.php that can lead to SQL injection. No details of the vulnerability...
PT-2024-17494 · Unknown · Phpgurukul Complaint Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Complaint Management System. It affects an unknown function of the file /admin/user-search.php. The manipulation of the...
FreeBSD : zabbix -- SQL injection in user.get API (f0d33375-b0e0-11ef-a724-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f0d33375-b0e0-11ef-a724-b42e991fc52e advisory. [email protected] reports: A non-admin user account on the Zabbix frontend with the default User role...
DEBIAN-CVE-2024-42327
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is availabl...
UBUNTU-CVE-2024-42327
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is availabl...
CVE-2024-42327 SQL injection in user.get API
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is availabl...
CVE-2024-42327
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is availabl...
CVE-2024-6476
Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security...
CVE-2024-6476
CVE-2024-6476 affects Axis Camera Station Pro. A non-admin user can gain system privileges by redirecting a file deletion on service restart. Root cause details are not fully provided in the available documents, but Axis has released patched versions and directs to the Axis security advisory for ...