6599 matches found

0day.today
added 2024/08/14 12:0 a.m., 168 views

WordPress PVN Auth Popup 1.0.0 Cross Site Scripting Vulnerability

Exploit Title: PVN Auth Popup alert1 for the "Login text" input 3. Save and see the XSS Note: Other fields are likely vulnerable...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/08/14 12:0 a.m., 226 views

Covid-19 Contact Tracing System 1.0 SQL Injection

Title: Covid-19 Contact Tracing System 1.0 auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefo...

7.4 AI score
Exploits: 0

NVD
added 2024/08/13 5:15 a.m., 16 views

CVE-2024-41734

Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability...

4.3 CVSS, 0.00262 EPSS
Exploits: 0, References: 2

Packet Storm
added 2024/08/13 12:0 a.m., 228 views

WordPress PVN Auth Popup 1.0.0 Cross Site Scripting

Exploit Title: PVN Auth Popup alert1 for the "Login text" input 3. Save and see the XSS Note: Other fields are likely vulnerable Reference: https://wpscan.com/vulnerability/24685b19-0a44-411a-9e1b-d4d0627d7cb6/...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2024/08/13 12:0 a.m., 23 views

AgileBits 1Password Auth Bypass (CVE-2024-42218) (macOS)

The version of AgileBits 1Password installed on the remote macOS or Mac OS X host is prior to 8.10.38. It is, therefore, affected by an authentication bypass vulnerability that allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms. Note that Nessus has n...

6.3 CVSS, 5.7 AI score, 0.00201 EPSS
Exploits: 0, References: 2

vulnersOsv
added 2024/08/08 2:37 p.m., 4 views

conda-store (>=2024.6.1 <=2024.11.2), cylc-uiserver (>=0.1.0 <=0.3.0) +13 more potentially affected by CVE-2024-41942 via jupyterhub (>=0.8.1 <=4.0.2)

jupyterhub PYPI version =0.8.1, =2024.6.1, =0.1.0, =0.0.4, =1.3.7, =1.0.0, =0.2.0, =0.1.0, =0.0.0, =0.1.0, =0.10.0, =0.2.25, =0.0.1, =0.1.0, =0.0.2, =0.0.9 Source cves: CVE-2024-41942 Source advisory: OSV:GHSA-9X4Q-3GXW-849F...

7.2 CVSS, 7.1 AI score, 0.0059 EPSS
Exploits: 0

RedHat Linux
added 2024/08/08 4:53 a.m., 4 views

kernel: SUNRPC: fix some memleaks in gssx_dec_option_array

A flaw was found in the authrpcgss module in the Linux kernel. A memory leak can occur due to improper error handling, potentially impacting system performance and possibly resulting in a denial of service...

5.5 CVSS, 7.2 AI score, 0.00293 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2024/08/08 4:44 a.m., 3 views

kernel: SUNRPC: fix some memleaks in gssx_dec_option_array

A flaw was found in the authrpcgss module in the Linux kernel. A memory leak can occur due to improper error handling, potentially impacting system performance and possibly resulting in a denial of service...

5.5 CVSS, 7.2 AI score, 0.00293 EPSS
Exploits: 0, References: 5

Packet Storm
added 2024/08/08 12:0 a.m., 416 views

Employee Management System 1.0 SQL Injection

Title: Employee Management System v1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

7.4 AI score
Exploits: 0

vulnersOsv
added 2024/08/07 3:30 p.m., 8 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1603 more potentially affected by CVE-2024-43045 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.452.3)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2024-43045 Source advisory: OSV:GHSA-8PV9-QH96-9HC6...

6.3 CVSS, 6.7 AI score, 0.04263 EPSS
Exploits: 0

vulnersOsv
added 2024/08/07 3:15 p.m., 5 views

aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-41990 via django (>=4.2.0 <=4.2.14)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41990 Source advisory: OSV:PYSEC-2024-68...

7.5 CVSS, 6.7 AI score, 0.01258 EPSS
Exploits: 0

Packet Storm
added 2024/08/06 12:0 a.m., 215 views

Concert Ticket Reservation System 1.0 SQL Injection

Title: Concert Ticket Reservation System v1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: ...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2024/08/06 12:0 a.m., 20 views

CBL Mariner 2.0 Security Update: cert-manager / influxdb / keda / libcontainers-common / packer (CVE-2024-6104)

The version of cert-manager / influxdb / keda / libcontainers-common / packer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6104 advisory. - go-retryablehttp prior to 0.7.7 did not sanitize urls...

6 CVSS, 7 AI score, 0.00358 EPSS
Exploits: 0, References: 2

GitHub Security Blog
added 2024/08/05 9:18 p.m., 15 views

Alpine allows Authentication Filter bypass

Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger the contains...

6.5 CVSS, 6.8 AI score, 0.00659 EPSS
Exploits: 0, References: 6, Affected Software: 1

Packet Storm
added 2024/08/05 12:0 a.m., 230 views

Blog Site 1.0 SQL Injection

Title: Blog Site 1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits | ...

7.4 AI score
Exploits: 0

Positive Technologies
added 2024/08/04 12:0 a.m., 2 views

PT-2024-38370 · Forip Tecnologia · Forip Tecnologia Administração Pabx

Name of the Vulnerable Software and Affected Versions: ForIP Tecnologia Administração PABX versions 1.x Description: A critical issue affects some unknown functionality of the file /authMonitCallcenter of the component monitcallcenter. The manipulation of the user argument leads to SQL injection...

9.8 CVSS, 8 AI score, 0.00546 EPSS
Exploits: 0, References: 6

vulnersOsv
added 2024/08/02 9:31 a.m., 8 views

0x-relayer-cat (>=0.0.2 <=0.0.10), 0xauth (>=0.0.2 <=0.0.6) +8800 more potentially affected by CVE-2024-42460 via elliptic (>=2.0.2 <=6.5.6)

elliptic NPM version =2.0.2, =0.0.2, =0.0.2, =1.0.6, =0.0.1-beta.1, =1.0.0, =0.1.0, =0.0.92, =0.1.3, =4.2.1, =6.2.1, =6.2.4 and more Source cves: CVE-2024-42460 Source advisory: OSV:GHSA-977X-G7H5-7QGW...

5.3 CVSS, 6.7 AI score, 0.00459 EPSS
Exploits: 1

Packet Storm
added 2024/08/02 12:0 a.m., 308 views

AccPack Buzz 1.0 SQL Injection

Title: AccPack Buzz v1.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits ...

7.4 AI score
Exploits: 0

OSV
added 2024/08/01 3:47 p.m., 2 views

CLSA-2024-1722527236 Fix CVE(s): CVE-2021-3733

SECURITY UPDATE: Regular Expression Denial of Service - debian/patches/CVE-2021-3733.patch: Fix ReDoS vulnerability in AbstractBasicAuthHandler class of Lib/urllib2.py - CVE-2021-3733...

6.5 CVSS, 6.8 AI score, 0.04675 EPSS
Exploits: 1, References: 1

vulnersOsv
added 2024/07/31 9:15 p.m., 3 views

biscuit-cli (>=0.4.1 <=0.4.2) potentially affected by CVE-2024-41949 +1 more via biscuit-auth (=4.1.1)

biscuit-auth CARGO version =4.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on biscuit-auth and may be impacted: - biscuit-cli =0.4.1, =0.4.2 Source cves: CVE-2024-41949, CVE-2024-42350 Source advisory: OSV:GHSA-P9W4-585H-G3C7...

6.4 CVSS, 5.4 AI score, 0.00291 EPSS
Exploits: 0