3631 matches found

Prion
added 2024/02/27 2:15 p.m. | 20 views

Hardcoded credentials

A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key. The attack may be initiated remotely. The...

CVSS 5.1 | AI score 7.1 | EPSS 0.00748
Exploits: 0 | References: 3
Cvelist
added 2024/02/27 1:31 p.m. | 18 views

CVE-2024-1920 osuuu LightPicture TokenVerify.php handle hard-coded key

A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key. The attack may be initiated remotely. The...

CVSS 5.6 | AI score 5.8 | EPSS 0.00748
Exploits: 0 | References: 4
NVD
added 2024/02/23 1:15 a.m. | 12 views

CVE-2024-1784

A vulnerability classified as problematic was found in Limbas 5.2.14. Affected by this vulnerability is an unknown functionality of the file main_admin.php. The manipulation of the argument tab_group leads to sql injection. The complexity of an attack is rather high. The exploitation appears to be...

CVSS 6.6 | AI score 4.6 | EPSS 0.00686
Exploits: 1 | References: 3
Prion
added 2024/02/23 1:15 a.m. | 17 views

Sql injection

A vulnerability classified as problematic was found in Limbas 5.2.14. Affected by this vulnerability is an unknown functionality of the file main_admin.php. The manipulation of the argument tab_group leads to sql injection. The complexity of an attack is rather high. The exploitation appears to be...

CVSS 3.7 | AI score 7.4 | EPSS 0.00686
Exploits: 1 | References: 3
Vulnrichment
added 2024/02/23 12:31 a.m. | 16 views

CVE-2024-1784 Limbas main_admin.php sql injection

A vulnerability classified as problematic was found in Limbas 5.2.14. Affected by this vulnerability is an unknown functionality of the file main_admin.php. The manipulation of the argument tab_group leads to sql injection. The complexity of an attack is rather high. The exploitation appears to be...

CVSS 3.9 | AI score 7.1 | EPSS 0.00686
Exploits: 1 | References: 3
Cvelist
added 2024/02/23 12:31 a.m. | 17 views

CVE-2024-1784 Limbas main_admin.php sql injection

A vulnerability classified as problematic was found in Limbas 5.2.14. Affected by this vulnerability is an unknown functionality of the file main_admin.php. The manipulation of the argument tab_group leads to sql injection. The complexity of an attack is rather high. The exploitation appears to be...

CVSS 3.9 | AI score 5 | EPSS 0.00686
Exploits: 1 | References: 3
OSV
added 2024/02/22 8:15 p.m. | 4 views

CVE-2024-1748

A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. This vulnerability affects the function load_model_from_file of the component Release Note Handler. The manipulation leads to deserialization. The attack can be initiated remotely. The complexity of an attack ...

CVSS 7.5 | AI score 6.6
Exploits: 0 | References: 3
NVD
added 2024/02/22 8:15 p.m. | 11 views

CVE-2024-1748

A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. This vulnerability affects the function load_model_from_file of the component Release Note Handler. The manipulation leads to deserialization. The attack can be initiated remotely. The complexity of an attack ...

CVSS 7.5 | AI score 5.1 | EPSS 0.00684
Exploits: 0 | References: 3
Prion
added 2024/02/22 8:15 p.m. | 14 views

Deserialization of untrusted data

A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function getimgurl/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely...

CVSS 5.1 | AI score 7 | EPSS 0.0078
Exploits: 0 | References: 3
Prion
added 2024/02/22 8:15 p.m. | 9 views

Deserialization of untrusted data

A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. This vulnerability affects the function load_model_from_file of the component Release Note Handler. The manipulation leads to deserialization. The attack can be initiated remotely. The complexity of an attack ...

CVSS 5.1 | AI score 7 | EPSS 0.00684
Exploits: 0 | References: 3
Vulnrichment
added 2024/02/22 8:00 p.m. | 10 views

CVE-2024-1750 TemmokuMVC Image Download images_get_down.php img_replace deserialization

A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function getimgurl/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely...

CVSS 5.6 | AI score 6.7 | EPSS 0.0078
Exploits: 0 | References: 3
Cvelist
added 2024/02/22 7:31 p.m. | 16 views

CVE-2024-1748 van_der_Schaar LAB AutoPrognosis Release Note load_model_from_file deserialization

A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. This vulnerability affects the function load_model_from_file of the component Release Note Handler. The manipulation leads to deserialization. The attack can be initiated remotely. The complexity of an attack ...

CVSS 5.1 | AI score 5.4 | EPSS 0.00684
Exploits: 0 | References: 3
Cvelist
added 2024/02/21 5:31 p.m. | 59 views

CVE-2024-1705 Shopwind Installation DefaultController.php actionCreate code injection

A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely...

CVSS 5.6 | AI score 6.2 | EPSS 0.00594
Exploits: 0 | References: 3
NVD
added 2024/02/20 1:15 p.m. | 15 views

CVE-2024-1661

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity ...

CVSS 5.5 | AI score 4.2 | EPSS 0.00316
Exploits: 1 | References: 3
Prion
added 2024/02/20 1:15 p.m. | 17 views

Hardcoded credentials

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity ...

CVSS 1 | AI score 6.8 | EPSS 0.00316
Exploits: 1 | References: 3
Vulnrichment
added 2024/02/20 12:30 p.m. | 13 views

CVE-2024-1661 Totolink X6000R shadow hard-coded credentials

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity ...

CVSS 2.5 | AI score 6.5 | EPSS 0.00316
Exploits: 1 | References: 3
ICS
added 2024/02/20 7:00 a.m. | 82 views

Mitsubishi Electric Electrical discharge machines

1. EXECUTIVE SUMMARY CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Mitsubishi Electric Corporation. Equipment: Electrical discharge machines. Vulnerability: Improper Input Validation. 2. RISK EVALUATION Successful exploitation of this vulnerability could...

CVSS 9.8 | AI score 9.6 | EPSS 0.95454
Exploits: 7 | References: 8
BDU FSTEC
added 2024/02/20 12:00 a.m. | 3 views

The vulnerability of the DNSSEC component of the DNS server BIND implementation allows an attacker to cause service failures.

The vulnerability of DNSSEC implementation in DNS server BIND is related to algorithmic complexity and unlimited resource distribution during the creation of a DNS zone. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 6.8 | EPSS 0.82829
Exploits: 1 | References: 25 | Affected Software: 11
Tenable Nessus
added 2024/02/17 12:00 a.m. | 41 views

SUSE SLES15 / openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:0487-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0487-1 advisory. - All versions of package trim are vulnerable to Regular Expression Denial of Service ReDoS via trim. CVE-2020-7753 - ansi-regex ...

CVSS 9.8 | AI score 7.7 | EPSS 0.88849
Exploits: 50 | References: 25
SUSE CVE
added 2024/02/14 3:56 a.m. | 0 views

SUSE CVE-2024-1454

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occurring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

CVSS 4.5 | AI score 6.2 | EPSS 0.00422
Exploits: 0 | References: 3