CVE-2024-8869 TOTOLINK A720R exportOvpn os command injection

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult...

CVE-2024-8869 TOTOLINK A720R exportOvpn os command injection

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult...

CVE-2024-7659

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generaterandomstring of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...

CVE-2024-7216

CVE-2024-7216 affects TOTOLINK LR1200, version 9.3.1cu.2832. The vulnerability resides in the file /etc/shadow.sample , where a hard-coded password is used. The issue is described as having high attack complexity and a difficult exploitability, with exploitation disclosed publicly per the sources...

CVE-2024-7216 TOTOLINK LR1200 shadow.sample hard-coded password

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is told to be...

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.1...

CVE-2024-6129

A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...

CVE-2024-6129

CVE-2024-6129 affects spa-cartcms 1.9.0.6, specifically the Username Handler component’s /login function where manipulating the email argument causes observable behavior differences. All connected sources confirm remote exposure with high attack complexity and a disclosed exploit; exploitation st...

CVE-2024-5907

CVE-2024-5907 concerns a local privilege-escalation in the Windows Cortex XDR Agent by Palo Alto Networks. The vulnerability arises in the agent’s handling of certain timing races, requiring a local user to exploit a race condition to execute programs with elevated privileges. Exploitation is des...

Silverstripe XSS in Director::force_redirect()

A low level XSS vulnerability has been found in the Framework affecting http redirection via the Director::forceredirect method. Attempts to redirect to a url may generate HTML which is not safely escaped, and may pose a risk of XSS in some environments. This vulnerability is marked low as it is...

CVE-2024-5044 Emlog Pro Cookie improper authentication

A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects an unknown part of the component Cookie Handler. The manipulation of the argument AuthCookie leads to improper authentication. It is possible to initiate the attack remotely. The complexity of an...

Kimai information disclosure vulnerability

A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity ...

CVE-2024-4596

CVE-2024-4596 affects Kimai up to 2.15.0, with information disclosure via manipulation of PHPSESSIONID in the Session Handler. The issue may be exploited remotely; attack complexity is reported as high and exploitation is considered difficult. Upgrading to Kimai 2.16.0 addresses the vulnerability...

Amazon Linux 2023 : java-22-amazon-corretto, java-22-amazon-corretto-devel, java-22-amazon-corretto-headless (ALAS2023-2024-601)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-601 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java...

CVE-2024-4063

CVE-2024-4063 affects EZVIZ CS-C6-21WFR-8 running version 5.2.7 Build 170628, with the Davinci Application component showing improper certificate validation. The vulnerability enables remote initiation of an attack, though attack complexity is described as high and exploitability as difficult. Th...

CVE-2024-4062 Hualai Xiaofang iSC5 certificate validation

A vulnerability was found in Hualai Xiaofang iSC5 3.2.2112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The...

CVE-2024-3735

CVE-2024-3735 affects Smart Office (up to 20240405), targeting the Main.aspx file where manipulating the New Password/Confirm Password argument (input 1) results in weak password requirements. The vulnerability can be triggered remotely with high attack complexity; several sources indicate public...

CVE-2024-3689

A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /xportalassemblesurface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to...

CVE-2024-1784

A vulnerability classified as problematic was found in Limbas 5.2.14. Affected by this vulnerability is an unknown functionality of the file mainadmin.php. The manipulation of the argument tabgroup leads to sql injection. The complexity of an attack is rather high. The exploitation appears to be...

CVE-2024-1433 KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins path traversal

A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginI...