JVN#65171386: Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR
ID Link Manager and FUJITSU Software TIME CREATOR provided by Fsas Technologies Inc. contain multiple vulnerabilities listed below. Path Traversal CWE-36 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Base Score 8.6 CVE-2024-33620 Missing Authentication CWE-306...
Veeam Addresses Critical Flaws, Urges Admins to Patch
PT-2024-5954 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.20 and earlier Description: The issue is related to insufficient protection of the web page structure in Adobe Experience Manager, which can allow a remote attacker to conduct cross-site scripting attacks...
CVE-2024-36729
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizardipv6 with a sufficiently long reboottype key...
PT-2024-25487 · Unknown · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: campcodes Complete Web-Based School Management System version 1.0 Description: A SQL injection issue allows an attacker to execute arbitrary SQL commands via the index parameter in the "/model/get student1.php" API endpoint. Recommendations:...
PT-2024-40785 · Git +1 · Libultrahdr
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read, which occurs in the ultrahdr::getYuv420Pixel function. This function is called by...
The Wordfence Affiliate Program Officially Launches Today
Today, we are officially launching the Wordfence Affiliate Program. If you love securing WordPress and are passionate about helping make the Web a safer place, click here to apply to the program now. This is an exciting opportunity for us to give back to our incredible community who have been...
LoLLMs Security Vulnerabilities
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to 9.5, which stems from insufficient cleanup of the config parameter in the /applysettings function, allowing an attacker to manipulate...
LoLLMs Security Vulnerabilities
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to 9.3, which stems from insufficient protection of the /applysettings and /executecode endpoints, allowing remote attackers to execute...
RHEL 6 : pyyaml (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - PyYAML: command execution through python/object/apply constructor in FullLoader CVE-2019-20477 - In PyYAM...
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Business Automation Workflow Configuration Editor
Summary IBM Business Automation Workflow Configuration Editor repackages a vulnerable version of Node.js and express. Vulnerability Details CVEID:CVE-2024-27982 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the use of content length obfuscation in the http server. By...
PT-2024-40711 · Git +1 · Flex
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-underflow read crash. The crash state includes functions such as filter apply chain and initialize output filters...
NewStart CGSL CORE 5.04 / MAIN 5.04 : git Multiple Vulnerabilities (NS-SA-2024-0015)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages installed that are affected by multiple vulnerabilities: - Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by...
CD: Users with `create` but not `override` privileges can perform local sync
A flaw was found in the Argo CD package. An improper validation bug allows users who have create privileges but not override privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions, are still enforced. The only restriction that is not enforce...
Prison Management System Cross-Site Scripting Vulnerability
Prison Management System is a prison management system by the individual developer Carlo Montero. A cross-site scripting vulnerability exists in SourceCodester Prison Management System version 1.0, which stems from a cross-site scripting XSS vulnerability in the parameters txtstartdate/txttenddat...
PT-2024-25883 · Sourcecodester · Sourcecodester Prison Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Prison Management System version 1.0 Description: A problematic vulnerability was found in the SourceCodester Prison Management System. This issue affects the file /Employee/apply leave.php, where the manipulation of the txtsta...
PT-2024-25774 · Sourcecodester · Sourcecodester Online Courseware
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Courseware version 1.0 Description: A problematic issue has been found in the file editt.php, where the manipulation of the id argument leads to cross-site scripting. The attack can be launched remotely. Recommendations:...
Google Pixel Security Vulnerability
Google Android is a free and open source mobile operating system developed by Google Inc. based on the Linux kernel. Google Android suffers from an out-of-bounds read vulnerability that stems from a lack of bounds checking in the applyminlockconstraint module of the dvfs.c file. An attacker can...
CLSA-2024-1712176929 Update of libxslt
Fix use-after-free in xsltApplyTemplates...
CVE-2024-28447
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lanipaddr parameters at /apply.cgi...