PT-2024-25167 · Unknown · Employee Management System
Name of the Vulnerable Software and Affected Versions: Employee Task Management System version 1.0 Description: The issue allows for SQL Injection via the admin-manage-user.php page. Recommendations: For Employee Task Management System version 1.0, consider restricting access to the...
PT-2024-22868 · Mozilocms · Mozilocms
Name of the Vulnerable Software and Affected Versions: moziloCMS version 2.0 Description: The issue allows attackers to bypass file upload restrictions, potentially leading to unauthorized file execution or storage of malicious content. This is achieved by renaming files, which can result in the...
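The moziloCMS entry describes a file-upload restriction defeated by a later rename. The check below is an added example (not moziloCMS code, and not a reconstruction of its fix): one filename rule shared by the upload path and the rename path, so a file accepted as `shell.jpg` cannot afterwards become `shell.php`. The allow/deny lists, the in-memory store and the sample names are constructed for illustration.

```python
"""Added example: one stored-name rule enforced on upload AND rename.
Not moziloCMS code; extension lists and sample names are constructed."""
import posixpath

# Extensions the application is willing to store and serve (illustrative).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}
# Extensions a web server may hand to an interpreter even when they are
# not the final one (multi-extension handlers); refuse them anywhere in the name.
SCRIPT_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar",
    "cgi", "pl", "py", "sh", "htaccess",
}


def validate_stored_name(name: str) -> bool:
    """True only for a bare filename with an allowed (and only allowed) extension."""
    if not name or "\x00" in name or len(name) > 255:
        return False
    # Any path separator or traversal component is rejected outright.
    if "/" in name or "\\" in name or posixpath.basename(name) != name:
        return False
    if name in (".", ".."):
        return False
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0]:      # no extension, or dotfile like .htaccess
        return False
    exts = parts[1:]
    if any(ext in SCRIPT_EXTENSIONS for ext in exts):   # catches shell.php.jpg
        return False
    return exts[-1] in ALLOWED_EXTENSIONS


def accept_upload(store: dict, name: str, data: bytes) -> bool:
    """Upload path: same rule as rename, applied before anything is stored."""
    if name in store or not validate_stored_name(name):
        return False
    store[name] = data
    return True


def rename_upload(store: dict, old: str, new: str) -> bool:
    """Rename path: the bypass in the advisory is closed by re-running the rule."""
    if old not in store or new in store or not validate_stored_name(new):
        return False
    store[new] = store.pop(old)
    return True


if __name__ == "__main__":
    files = {}
    print(accept_upload(files, "shell.jpg", b"<?php echo 1; ?>"))   # True: name is fine
    print(rename_upload(files, "shell.jpg", "shell.php"))          # False: rename refused
    print(rename_upload(files, "shell.jpg", "shell.php.jpg"))      # False: inner script ext
    print(rename_upload(files, "shell.jpg", "photo.JPG"))          # True
```

Name validation is necessary but not sufficient: the stored file should also live outside the document root or under a server-generated name, and the web server should not execute anything from the upload directory. Those settings are deployment choices and are not shown here.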
PT-2024-24134 · Unknown · Computer Laboratory Management System
Name of the Vulnerable Software and Affected Versions: Computer Laboratory Management System version 1.0 Description: The issue concerns SQL Injection via the id parameter of the "/admin/damage/view_damage.php" API endpoint. Recommendations: For Computer Laboratory Management System version 1.0,...
PT-2024-21614
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8.0-05205-g77fadd89fe2d-dirty 213 Description: The issue arises when the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to itself, resulting in a qdisc lock deadlock. Thi...
PT-2024-25255 · Tiagorlampert · Chaos
Name of the Vulnerable Software and Affected Versions: tiagorlampert CHAOS versions before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e; tiagorlampert CHAOS version v5.0.1 Description: The issue allows a remote attacker to execute arbitrary code via the...
PT-2024-5339 · Adtran +1 · Adtran 834-5 +1
Name of the Vulnerable Software and Affected Versions: AdTran 834-5 HDC17600021F1 SmartOS versions 11.1.1.1 through 12.5.5.0 Description: The issue concerns a hidden, undocumented, hard-coded support account in AdTran 834-5 devices, whose password is based on the device's MAC address. Since all...
PT-2024-25317 · Sourcecodester · Aplaya Beach Resort Online Reservation System
Name of the Vulnerable Software and Affected Versions: SourceCodester Aplaya Beach Resort Online Reservation System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file admin/mod_users/controller.php?action=add. The manipulation of...
PT-2024-22797
Name of the Vulnerable Software and Affected Versions: gotortc versions 1.8.5 and prior Description: gotortc is a camera streaming application. The index page index.html shows available streams by fetching the API on the client side, using Object.entries to iterate over the result, and appending...
CVE-2024-26773 ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a corrupted block...
PT-2024-3859 · Cisco · Cisco Nexus Dashboard
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard affected versions not specified Description: The issue is related to insufficient access controls on a specific API endpoint, allowing a remote attacker to gain unauthorized access to protected information by sending...
PT-2024-23641 · Netentsec · Netentsec Ns-Asg
Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3 Description: The issue is related to SQL Injection, which can be exploited via the "/WebPages/history.php" API endpoint. This allows for potential unauthorized access or manipulation of data. Recommendations: For...
PT-2024-23184 · Tenda · Tenda Fh1205
Name of the Vulnerable Software and Affected Versions: Tenda FH1205 version 2.0.0.7775 Description: A critical vulnerability was found in the Tenda FH1205, affecting the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to a stack-based...
PT-2024-23291
Name of the Vulnerable Software and Affected Versions: Andy Moyle Church Admin versions 4.0.27 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecti...
PT-2024-23185 · Tenda · Tenda Fh1205
Name of the Vulnerable Software and Affected Versions: Tenda FH1205 version 2.0.0.7775 Description: A critical issue has been found in the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may...
PT-2024-22406 · Axonaut · Axonaut
Name of the Vulnerable Software and Affected Versions: axonaut versions 3.1.23 and earlier Description: An issue in axonaut allows a remote attacker to obtain sensitive information via the log.txt component. Recommendations: For axonaut versions 3.1.23 and earlier, consider restricting access to...
strkovec-obec.sk Cross Site Scripting vulnerability OBB-3883126
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2024-22029 · Unknown · Campcodes Online Marriage Registration System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Marriage Registration System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of the...
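Several of the entries above (Employee Task Management System, Computer Laboratory Management System, Aplaya Beach Resort, NS-ASG, Church Admin, Online Marriage Registration System) share one root cause: a request parameter concatenated into an SQL statement. The following is an added example, not code from any of those products, showing the pattern against an in-memory SQLite table and the parameterized form that closes it. The table contents and the injection strings are constructed for illustration; the vulnerable functions are deliberately unsafe.

```python
"""Added example: request-parameter SQL injection versus bound parameters.
Not taken from any listed product; sample rows and payloads are constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed stand-in for an application's users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, raw_id: str) -> list:
    # Deliberately unsafe: the parameter text becomes part of the SQL,
    # so "1 OR 1=1" widens the WHERE clause to every row.
    sql = "SELECT id, name, role FROM users WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, raw_id: str) -> list:
    # Validate the type, then bind: the value is data and never parsed as SQL.
    try:
        user_id = int(raw_id)
    except ValueError:
        return []
    return conn.execute(
        "SELECT id, name, role FROM users WHERE id = ?", (user_id,)
    ).fetchall()


def find_by_name_vulnerable(conn: sqlite3.Connection, raw_name: str) -> list:
    # Deliberately unsafe, string variant: a single quote ends the literal early.
    sql = "SELECT id, name, role FROM users WHERE name = '" + raw_name + "'"
    return conn.execute(sql).fetchall()


def find_by_name_safe(conn: sqlite3.Connection, raw_name: str) -> list:
    # Bound parameter: quotes inside the value stay inside the value.
    return conn.execute(
        "SELECT id, name, role FROM users WHERE name = ?", (raw_name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    numeric_payload = "1 OR 1=1"        # constructed injection for an id parameter
    print(lookup_user_vulnerable(db, numeric_payload))   # all three rows
    print(lookup_user_safe(db, numeric_payload))         # []
    quote_payload = "' OR '1'='1"       # constructed injection for a quoted parameter
    print(find_by_name_vulnerable(db, quote_payload))    # all three rows
    print(find_by_name_safe(db, quote_payload))          # []
```

The "restrict access to the page" recommendation in these entries limits who can reach the injectable parameter; it does not remove the injection. Binding parameters (or an equivalent prepared-statement API in the application's own language) does.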
CVE-2024-28851 Elevation of privilege in Snowflake Hive MetaStore Connector Helper script
The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a helper script for the Hive MetaStore Connector. A malicious insider without admin privileges...
ROS-2-1794
2.1794 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
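The Ant entry concerns uncontrolled resource consumption while processing ZIP archives. The code below is an added example, not Apache Ant code and not its fix, of the two controls a consumer of untrusted archives wants: a precheck of the declared sizes in the central directory, and a running byte budget while actually inflating, since the declared sizes can lie. The archives are built in memory and the limits are illustrative.

```python
"""Added example: bounding what a ZIP archive may consume, before and during
extraction. Not Apache Ant code; limits and test archives are constructed."""
import io
import zipfile

MAX_TOTAL_BYTES = 10 * 1024 * 1024   # uncompressed budget for the whole archive
MAX_ENTRIES = 1000
MAX_RATIO = 100                      # uncompressed:compressed, per entry


def precheck_archive(data: bytes) -> tuple:
    """Inspect the central directory only. Returns (ok, reason)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > MAX_ENTRIES:
            return False, "too many entries"
        total = 0
        for info in infos:
            total += info.file_size
            if total > MAX_TOTAL_BYTES:
                return False, f"declared size exceeds budget at {info.filename}"
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                return False, f"suspicious compression ratio at {info.filename}"
    return True, "ok"


def extract_bounded(data: bytes) -> dict:
    """Inflate into a dict, counting real bytes; abort once the budget is spent.
    Also refuses entry names that would escape the target directory."""
    out = {}
    consumed = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith("/") or ".." in name.split("/"):
                raise ValueError(f"unsafe entry name {name!r}")
            if info.is_dir():
                continue
            chunks = []
            with zf.open(info) as fh:
                while True:
                    chunk = fh.read(64 * 1024)
                    if not chunk:
                        break
                    consumed += len(chunk)
                    if consumed > MAX_TOTAL_BYTES:
                        raise ValueError(f"budget exceeded while reading {name}")
                    chunks.append(chunk)
            out[name] = b"".join(chunks)
    return out


def build_zip(entries: dict) -> bytes:
    """Helper to construct test archives in memory (deflate-compressed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    normal = build_zip({"notes.txt": b"sample text line\n" * 20})      # constructed
    bomb = build_zip({"zeros.bin": b"\0" * (20 * 1024 * 1024)})        # constructed
    print(precheck_archive(normal))    # (True, 'ok')
    print(precheck_archive(bomb))      # rejected on declared size
    try:
        extract_bounded(bomb)
    except ValueError as exc:
        print("extraction aborted:", exc)
```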
PT-2024-20749 · Unknown · Maspik – Spam Blacklist
Name of the Vulnerable Software and Affected Versions: Maspik – Spam Blacklist versions 0.10.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject...
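The gotortc entry (stream names from an API appended to the page) and the Maspik entry (stored input reflected during page generation) are both output-encoding failures. The following is an added example, not code from either project: gotortc builds its list in browser JavaScript, while this illustration renders the same kind of list server-side in Python so the two contexts, element text and a URL inside an attribute, are visible side by side. The stream names are constructed.

```python
"""Added example: untrusted names rendered into HTML, unescaped versus escaped
per context. Not gotortc or Maspik code; sample names are constructed."""
import html
import urllib.parse


def render_streams_vulnerable(streams: dict) -> str:
    # Deliberately unsafe: each key goes straight into both the attribute
    # and the element text, so a name containing markup becomes markup.
    items = [f'<li><a href="stream.html?src={name}">{name}</a></li>' for name in streams]
    return "<ul>" + "".join(items) + "</ul>"


def render_streams_safe(streams: dict) -> str:
    # Encode for the context the value lands in: percent-encode the query
    # value, and HTML-escape (quotes included) the visible text.
    items = []
    for name in streams:
        href = "stream.html?src=" + urllib.parse.quote(name, safe="")
        items.append(f'<li><a href="{href}">{html.escape(name, quote=True)}</a></li>')
    return "<ul>" + "".join(items) + "</ul>"


def contains_raw_markup(rendered: str, injected: str) -> bool:
    """True if the injected string survived into the page unchanged."""
    return injected in rendered


if __name__ == "__main__":
    # Constructed API result: one benign name and two hostile ones.
    api_result = {
        "front_door": {"url": "rtsp://camera/1"},
        '<img src=x onerror=alert(1)>': {},
        'x" onmouseover="alert(1)': {},
    }
    print(render_streams_vulnerable(api_result))
    print(render_streams_safe(api_result))
```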